ElfFile $ElfChnkx *jMu=VysMc&&**  ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! ! F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=04cc4412-a304-4db7-8230-2238a4472444 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=33110b96-e41c-4bab-a3c2-91275f8ea8eb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **O ]Ɋ& '!XO F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=698e27fe-d461-4829-a016-b88e02638793 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**O ]Ɋ& ?!XO F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=698e27fe-d461-4829-a016-b88e02638793 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**O ]Ɋ& ;!XO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=698e27fe-d461-4829-a016-b88e02638793 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**O ]Ɋ& 3!XO F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=698e27fe-d461-4829-a016-b88e02638793 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**O ]Ɋ& 3!XO F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=698e27fe-d461-4829-a016-b88e02638793 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ica**O ]Ɋ& 5!XO F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=698e27fe-d461-4829-a016-b88e02638793 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0O ]Ɋ& !O F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=698e27fe-d461-4829-a016-b88e02638793 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=564335c5-3dde-43f5-99bb-c4c8c77cb342 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ow0**@ ]Ɋ& ! F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=698e27fe-d461-4829-a016-b88e02638793 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=564335c5-3dde-43f5-99bb-c4c8c77cb342 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**@**&d3 ]Ɋ& )!X&d3 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d3c89d2e-6f55-4d33-ae42-dc5456f5087e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mman**&d3 ]Ɋ& A!X&d3 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d3c89d2e-6f55-4d33-ae42-dc5456f5087e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-wid**&d3 ]Ɋ& =!X&d3 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d3c89d2e-6f55-4d33-ae42-dc5456f5087e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iv**&d3 ]Ɋ& 5!X&d3 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d3c89d2e-6f55-4d33-ae42-dc5456f5087e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l **&d3 ]Ɋ& 5!X&d3 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d3c89d2e-6f55-4d33-ae42-dc5456f5087e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==4**&d3 ]Ɋ& 7!X&d3 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d3c89d2e-6f55-4d33-ae42-dc5456f5087e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0&d3 ]Ɋ& !&d3 F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d3c89d2e-6f55-4d33-ae42-dc5456f5087e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=93409a62-bc84-4f69-8710-c310239e928c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@od3 ]Ɋ& !od3 F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d3c89d2e-6f55-4d33-ae42-dc5456f5087e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=93409a62-bc84-4f69-8710-c310239e928c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**Xod3 ]Ɋ& !Xod3 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0b0f8732-a14c-4b20-9e48-296760e187c3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pod3 ]Ɋ& !Xod3 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0b0f8732-a14c-4b20-9e48-296760e187c3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hod3 ]Ɋ& !Xod3 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0b0f8732-a14c-4b20-9e48-296760e187c3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`od3 ]Ɋ& !Xod3 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0b0f8732-a14c-4b20-9e48-296760e187c3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`od3 ]Ɋ& !Xod3 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0b0f8732-a14c-4b20-9e48-296760e187c3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S`**hod3 ]Ɋ& !Xod3 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0b0f8732-a14c-4b20-9e48-296760e187c3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ineSh**od3 ]Ɋ&  !od3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0b0f8732-a14c-4b20-9e48-296760e187c3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5e90afcf-8374-4768-a0cc-a258ee80c474 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ped **od3 ]Ɋ& !od3 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0b0f8732-a14c-4b20-9e48-296760e187c3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5e90afcf-8374-4768-a0cc-a258ee80c474 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rt**8Xe3 ]Ɋ& !XXe3 F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7301aa40-629e-4519-aaee-9697da303d08 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nm8**PXe3 ]Ɋ& !XXe3 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7301aa40-629e-4519-aaee-9697da303d08 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idP**PXe3 ]Ɋ& !XXe3 F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7301aa40-629e-4519-aaee-9697da303d08 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tartP**HXe3 ]Ɋ& !XXe3 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7301aa40-629e-4519-aaee-9697da303d08 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ReH**HXe3 ]Ɋ& !XXe3 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7301aa40-629e-4519-aaee-9697da303d08 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH**HXe3 ]Ɋ& !XXe3 F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7301aa40-629e-4519-aaee-9697da303d08 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Xe3 ]Ɋ& !Xe3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7301aa40-629e-4519-aaee-9697da303d08 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cad82fe5-7116-4fe7-bb0f-edd135c7ee64 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!**Xe3 ]Ɋ& !Xe3 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7301aa40-629e-4519-aaee-9697da303d08 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cad82fe5-7116-4fe7-bb0f-edd135c7ee64 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**XXe3 ]Ɋ& !XXe3 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5e0825f9-c69e-41b0-8be6-573727a88175 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommaX**pXe3 ]Ɋ& !XXe3 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5e0825f9-c69e-41b0-8be6-573727a88175 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ect p**hXe3 ]Ɋ& !XXe3 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5e0825f9-c69e-41b0-8be6-573727a88175 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rth**`Xe3 ]Ɋ& !XXe3 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5e0825f9-c69e-41b0-8be6-573727a88175 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on`**`Xe3 ]Ɋ& !XXe3 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5e0825f9-c69e-41b0-8be6-573727a88175 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=`**`Xe3 ]Ɋ& !XXe3 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5e0825f9-c69e-41b0-8be6-573727a88175 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**Xe3 ]Ɋ& !Xe3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5e0825f9-c69e-41b0-8be6-573727a88175 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=92544816-a505-4907-b058-ec6d301ceb82 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Xe3 ]Ɋ& !Xe3 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5e0825f9-c69e-41b0-8be6-573727a88175 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=92544816-a505-4907-b058-ec6d301ceb82 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8 **(e3 ]Ɋ& !Xe3 F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1e86ba2e-2b39-4f3f-82c4-11b1d8e6d803 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4(**@e3 ]Ɋ& !Xe3 F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1e86ba2e-2b39-4f3f-82c4-11b1d8e6d803 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a@**@e3 ]Ɋ& !Xe3 F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1e86ba2e-2b39-4f3f-82c4-11b1d8e6d803 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nin@**8e3 ]Ɋ& !Xe3 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1e86ba2e-2b39-4f3f-82c4-11b1d8e6d803 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion8**8e3 ]Ɋ& !Xe3 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1e86ba2e-2b39-4f3f-82c4-11b1d8e6d803 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=^8**8e3 ]Ɋ& !Xe3 F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1e86ba2e-2b39-4f3f-82c4-11b1d8e6d803 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== 8**e3 ]Ɋ& !e3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1e86ba2e-2b39-4f3f-82c4-11b1d8e6d803 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=62869331-8bb0-46ac-884f-95578bacd71e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ge**2f3 ]Ɋ& !2f3 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1e86ba2e-2b39-4f3f-82c4-11b1d8e6d803 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=62869331-8bb0-46ac-884f-95578bacd71e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te';**X_g3 ]Ɋ& !X_g3 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=24758a25-6443-4107-9fc0-2ec08e11c566 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**p_g3 ]Ɋ& !X_g3 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=24758a25-6443-4107-9fc0-2ec08e11c566 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=epproductState ]Ɋ& unX_g3 F&andName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& X+ F&XElfChnk$]n .Mu=VysMc&&**p _g3 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! S!X_g3 F&F%g>9{p(xlMD EventDatauoData !BinaryFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=24758a25-6443-4107-9fc0-2ec08e11c566 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p **h_g3 ]Ɋ& !X_g3 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=24758a25-6443-4107-9fc0-2ec08e11c566 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h_g3 ]Ɋ& !X_g3 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=24758a25-6443-4107-9fc0-2ec08e11c566 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h_g3 ]Ɋ& !X_g3 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=24758a25-6443-4107-9fc0-2ec08e11c566 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tah**_g3 ]Ɋ&  !_g3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=24758a25-6443-4107-9fc0-2ec08e11c566 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3f93107e-1681-452d-bdb0-b55ac7052bdf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=02**Rh3 ]Ɋ& !Rh3 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=24758a25-6443-4107-9fc0-2ec08e11c566 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3f93107e-1681-452d-bdb0-b55ac7052bdf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e,De**h3 ]Ɋ& '!Xh3 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=661966bd-d49a-4558-ad43-cfff113c5eb5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**h3 ]Ɋ& ?!Xh3 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=661966bd-d49a-4558-ad43-cfff113c5eb5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**h3 ]Ɋ& ;!Xh3 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=661966bd-d49a-4558-ad43-cfff113c5eb5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=hel**h3 ]Ɋ& 3!Xh3 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=661966bd-d49a-4558-ad43-cfff113c5eb5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**h3 ]Ɋ& 3!Xh3 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=661966bd-d49a-4558-ad43-cfff113c5eb5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ll **h3 ]Ɋ& 5!Xh3 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=661966bd-d49a-4558-ad43-cfff113c5eb5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0h3 ]Ɋ& !h3 F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=661966bd-d49a-4558-ad43-cfff113c5eb5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=7b9eb4c1-971e-414b-bd49-b53779e89653 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng0**@#i3 ]Ɋ& !#i3 F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=661966bd-d49a-4558-ad43-cfff113c5eb5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=7b9eb4c1-971e-414b-bd49-b53779e89653 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@***g ]Ɋ& )!X*g F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1433f485-571e-49c5-9b84-cd3cc0a47d30 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=***g ]Ɋ& A!X*g F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1433f485-571e-49c5-9b84-cd3cc0a47d30 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== ***g ]Ɋ& =!X*g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1433f485-571e-49c5-9b84-cd3cc0a47d30 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er***g ]Ɋ& 5!X*g F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1433f485-571e-49c5-9b84-cd3cc0a47d30 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl***g ]Ɋ& 5!X*g F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1433f485-571e-49c5-9b84-cd3cc0a47d30 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e ***g ]Ɋ& 7!X*g F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1433f485-571e-49c5-9b84-cd3cc0a47d30 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2**0*g ]Ɋ& !*g F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1433f485-571e-49c5-9b84-cd3cc0a47d30 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=03cd78fe-b37e-49b2-9acd-52cc70ad6640 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=40**@.g ]Ɋ& !.g F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1433f485-571e-49c5-9b84-cd3cc0a47d30 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=03cd78fe-b37e-49b2-9acd-52cc70ad6640 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ila@**XWǫg ]Ɋ& !XWǫg F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=84d4c409-4cf8-416e-b50b-29ca590caff5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ProX**pWǫg ]Ɋ& !XWǫg F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=84d4c409-4cf8-416e-b50b-29ca590caff5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt p**hWǫg ]Ɋ& !XWǫg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=84d4c409-4cf8-416e-b50b-29ca590caff5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sh**`Wǫg ]Ɋ& !XWǫg F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=84d4c409-4cf8-416e-b50b-29ca590caff5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d`**`Wǫg ]Ɋ& !XWǫg F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=84d4c409-4cf8-416e-b50b-29ca590caff5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c`**hWǫg ]Ɋ& !XWǫg F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=84d4c409-4cf8-416e-b50b-29ca590caff5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hh**Wǫg ]Ɋ&  !Wǫg F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=84d4c409-4cf8-416e-b50b-29ca590caff5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=17f102de-9c6b-420e-a7c3-b3f7f118175f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=aa40**Wǫg ]Ɋ& !Wǫg F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=84d4c409-4cf8-416e-b50b-29ca590caff5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=17f102de-9c6b-420e-a7c3-b3f7f118175f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ae**8g ]Ɋ& !Xg F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=89e42b26-95f7-4455-b87d-3ffb51b0b28a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=si8**Pg ]Ɋ& !Xg F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=89e42b26-95f7-4455-b87d-3ffb51b0b28a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leP**Pg ]Ɋ& !Xg F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=89e42b26-95f7-4455-b87d-3ffb51b0b28a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HoP**Hg ]Ɋ& !Xg F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=89e42b26-95f7-4455-b87d-3ffb51b0b28a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eNumH**Hg ]Ɋ& !Xg F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=89e42b26-95f7-4455-b87d-3ffb51b0b28a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**Hg ]Ɋ& !Xg F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=89e42b26-95f7-4455-b87d-3ffb51b0b28a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ateH**g ]Ɋ& !g F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=89e42b26-95f7-4455-b87d-3ffb51b0b28a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=77ae2408-eac7-4459-bcc4-2e80019c8c8e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ber**g ]Ɋ& !g F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=89e42b26-95f7-4455-b87d-3ffb51b0b28a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=77ae2408-eac7-4459-bcc4-2e80019c8c8e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **XH®g ]Ɋ& !XH®g F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d71d86be-4432-4de3-8a76-786509a4515a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rNamX**pH®g ]Ɋ& !XH®g F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d71d86be-4432-4de3-8a76-786509a4515a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hH®g ]Ɋ& !XH®g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d71d86be-4432-4de3-8a76-786509a4515a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**`H®g ]Ɋ& !XH®g F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d71d86be-4432-4de3-8a76-786509a4515a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=('`**`H®g ]Ɋ& !XH®g F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d71d86be-4432-4de3-8a76-786509a4515a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ti`**`H®g ]Ɋ& !XH®g F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d71d86be-4432-4de3-8a76-786509a4515a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1`**H®g ]Ɋ& !H®g F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d71d86be-4432-4de3-8a76-786509a4515a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0fabdd3f-d461-4e3b-8497-c00f021a1d06 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N**H®g ]Ɋ& !H®g F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d71d86be-4432-4de3-8a76-786509a4515a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0fabdd3f-d461-4e3b-8497-c00f021a1d06 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lab**(ug ]Ɋ& !Xug F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d3c57c3b-d5a1-4976-8b3c-a728f0ad25f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@ug ]Ɋ& !Xug F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d3c57c3b-d5a1-4976-8b3c-a728f0ad25f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@ug ]Ɋ& !Xug F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d3c57c3b-d5a1-4976-8b3c-a728f0ad25f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ace@**8ug ]Ɋ& !Xug F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d3c57c3b-d5a1-4976-8b3c-a728f0ad25f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=es[8nstalldate'] ]Ɋ& etXug F&imatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=epproductState ]Ɋ& unX_g3 F&andName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& X+ F&XElfChnk"" A ߝMu=VysMc&&**8 ug ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !Xug F&F%g>9{p(xlMD EventDatauoData !BinaryhRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d3c57c3b-d5a1-4976-8b3c-a728f0ad25f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8 **8ug ]Ɋ& !Xug F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d3c57c3b-d5a1-4976-8b3c-a728f0ad25f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=In8**ug ]Ɋ& !ug F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d3c57c3b-d5a1-4976-8b3c-a728f0ad25f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=174d6b11-5f27-4a06-ad62-3ad1d932f26c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=WA** g ]Ɋ& ! g F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d3c57c3b-d5a1-4976-8b3c-a728f0ad25f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=174d6b11-5f27-4a06-ad62-3ad1d932f26c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=po**Xdg ]Ɋ& !Xdg F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fe09128b-5dda-404c-9a1f-953187184542 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iX**pdg ]Ɋ& !Xdg F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fe09128b-5dda-404c-9a1f-953187184542 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ap**pdg ]Ɋ& !Xdg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fe09128b-5dda-404c-9a1f-953187184542 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hp**hdg ]Ɋ& !Xdg F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fe09128b-5dda-404c-9a1f-953187184542 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hh**hdg ]Ɋ& !Xdg F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fe09128b-5dda-404c-9a1f-953187184542 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erNh**hdg ]Ɋ& !Xdg F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fe09128b-5dda-404c-9a1f-953187184542 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dBh**dg ]Ɋ&  !dg F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fe09128b-5dda-404c-9a1f-953187184542 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a60a3642-4cd3-4365-93e2-414b292c94aa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**g ]Ɋ& !g F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fe09128b-5dda-404c-9a1f-953187184542 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a60a3642-4cd3-4365-93e2-414b292c94aa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=gine**Eg ]Ɋ& '!XEg F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bec0fabb-57ad-4aa5-99c7-448d9dd8c592 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g**Eg ]Ɋ& ?!XEg F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bec0fabb-57ad-4aa5-99c7-448d9dd8c592 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6**Eg ]Ɋ& ;!XEg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bec0fabb-57ad-4aa5-99c7-448d9dd8c592 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Eg ]Ɋ& 3!XEg F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bec0fabb-57ad-4aa5-99c7-448d9dd8c592 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rsh**Eg ]Ɋ& 3!XEg F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bec0fabb-57ad-4aa5-99c7-448d9dd8c592 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Eg ]Ɋ& 5!XEg F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bec0fabb-57ad-4aa5-99c7-448d9dd8c592 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=re**0Eg ]Ɋ& !Eg F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bec0fabb-57ad-4aa5-99c7-448d9dd8c592 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=8da1bc57-5561-4646-ae91-44962e19dd9c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@۞g ]Ɋ& !۞g F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bec0fabb-57ad-4aa5-99c7-448d9dd8c592 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=8da1bc57-5561-4646-ae91-44962e19dd9c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t/Se@**) ]Ɋ& )!X) F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c2c9e83e-013f-478f-b1f7-104b60ceec68 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=50b-**) ]Ɋ& A!X) F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c2c9e83e-013f-478f-b1f7-104b60ceec68 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=C**) ]Ɋ& =!X) F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c2c9e83e-013f-478f-b1f7-104b60ceec68 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **) ]Ɋ& 5!X) F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c2c9e83e-013f-478f-b1f7-104b60ceec68 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** ) ]Ɋ& 5!X)  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c2c9e83e-013f-478f-b1f7-104b60ceec68 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Wǫ** ) ]Ɋ& 7!X)  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c2c9e83e-013f-478f-b1f7-104b60ceec68 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=T**0 ) ]Ɋ& !)  F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c2c9e83e-013f-478f-b1f7-104b60ceec68 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a92b6dbf-6c10-4709-9ec1-c536e47c1872 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@ VΞ ]Ɋ& !VΞ  F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c2c9e83e-013f-478f-b1f7-104b60ceec68 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a92b6dbf-6c10-4709-9ec1-c536e47c1872 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e |@**X \ ]Ɋ& !X\  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=11f79729-3396-4e1d-aedb-d5bb6667691f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pdaX**p\ ]Ɋ& !X\ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=11f79729-3396-4e1d-aedb-d5bb6667691f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nEnp**h\ ]Ɋ& !X\ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=11f79729-3396-4e1d-aedb-d5bb6667691f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=th**`\ ]Ɋ& !X\ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=11f79729-3396-4e1d-aedb-d5bb6667691f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`\ ]Ɋ& !X\ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=11f79729-3396-4e1d-aedb-d5bb6667691f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i`**h\ ]Ɋ& !X\ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=11f79729-3396-4e1d-aedb-d5bb6667691f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ruh**\ ]Ɋ&  !\ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=11f79729-3396-4e1d-aedb-d5bb6667691f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=13af9536-fb30-4600-b20b-09ea08f255d3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Pipe**\ ]Ɋ& !\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=11f79729-3396-4e1d-aedb-d5bb6667691f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=13af9536-fb30-4600-b20b-09ea08f255d3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mm**8d ]Ɋ& !Xd F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dbf030da-4af6-405b-80e1-5b74f4ce205f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=el8**Pd ]Ɋ& !Xd F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dbf030da-4af6-405b-80e1-5b74f4ce205f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=unP**Pd ]Ɋ& !Xd F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dbf030da-4af6-405b-80e1-5b74f4ce205f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=gineP**Hd ]Ɋ& !Xd F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dbf030da-4af6-405b-80e1-5b74f4ce205f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h 65H**Hd ]Ɋ& !Xd F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dbf030da-4af6-405b-80e1-5b74f4ce205f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=StriH**Hd ]Ɋ& !Xd F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dbf030da-4af6-405b-80e1-5b74f4ce205f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oluH**d ]Ɋ& !d F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dbf030da-4af6-405b-80e1-5b74f4ce205f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=83210c2d-0ca1-492f-a8d1-55a4090c1ee0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=553**d ]Ɋ& !d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dbf030da-4af6-405b-80e1-5b74f4ce205f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=83210c2d-0ca1-492f-a8d1-55a4090c1ee0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6e885d2b-9ab2-4444-ab46-681ea5fdfa9e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=arseX**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6e885d2b-9ab2-4444-ab46-681ea5fdfa9e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hp**h ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6e885d2b-9ab2-4444-ab46-681ea5fdfa9e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eqh**`  ]Ɋ& !X  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6e885d2b-9ab2-4444-ab46-681ea5fdfa9e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`! ]Ɋ& !X! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6e885d2b-9ab2-4444-ab46-681ea5fdfa9e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ri`**`" ]Ɋ& !X" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6e885d2b-9ab2-4444-ab46-681ea5fdfa9e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`ElfChnk#S#S`h-IMu=VysMc&&**# ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !# F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6e885d2b-9ab2-4444-ab46-681ea5fdfa9e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5896de41-bd09-4f33-9b7b-3e596b44afb5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**$ ]Ɋ& !$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6e885d2b-9ab2-4444-ab46-681ea5fdfa9e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5896de41-bd09-4f33-9b7b-3e596b44afb5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 **(%& ]Ɋ& !X&% F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=73244840-6fba-40ce-a320-7dc889bde8e3 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@&& ]Ɋ& !X&& F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=73244840-6fba-40ce-a320-7dc889bde8e3 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@'& ]Ɋ& !X&' F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=73244840-6fba-40ce-a320-7dc889bde8e3 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= | @**8(& ]Ɋ& !X&( F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=73244840-6fba-40ce-a320-7dc889bde8e3 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Se8**8)& ]Ɋ& !X&) F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=73244840-6fba-40ce-a320-7dc889bde8e3 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erS8**8*& ]Ɋ& !X&* F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=73244840-6fba-40ce-a320-7dc889bde8e3 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H8**+& ]Ɋ& !&+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=73244840-6fba-40ce-a320-7dc889bde8e3 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=2b41c17e-1c0f-40fa-a429-742b1f9141ab PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=si**,( ]Ɋ& !(, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=73244840-6fba-40ce-a320-7dc889bde8e3 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=2b41c17e-1c0f-40fa-a429-742b1f9141ab PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=obal**X-U ]Ɋ& !XU- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1d334bc4-7398-4f65-bb38-477fd9d023f9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**p.U ]Ɋ& !XU. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1d334bc4-7398-4f65-bb38-477fd9d023f9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.p**p/U ]Ɋ& !XU/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1d334bc4-7398-4f65-bb38-477fd9d023f9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e.pp**h0U ]Ɋ& !XU0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1d334bc4-7398-4f65-bb38-477fd9d023f9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n.Ch**h1U ]Ɋ& !XU1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1d334bc4-7398-4f65-bb38-477fd9d023f9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=655h**h2U ]Ɋ& !XU2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1d334bc4-7398-4f65-bb38-477fd9d023f9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pah**3U ]Ɋ&  !U3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1d334bc4-7398-4f65-bb38-477fd9d023f9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=48831af5-18eb-4b44-a548-f8c01d89dc23 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**4눩 ]Ɋ& !눩4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1d334bc4-7398-4f65-bb38-477fd9d023f9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=48831af5-18eb-4b44-a548-f8c01d89dc23 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ider**5 ]Ɋ& '!X5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b88368de-cf0e-4886-a8b1-c8a7bd04748e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**6 ]Ɋ& ?!X6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b88368de-cf0e-4886-a8b1-c8a7bd04748e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**7 ]Ɋ& ;!X7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b88368de-cf0e-4886-a8b1-c8a7bd04748e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8 ]Ɋ& 3!X8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b88368de-cf0e-4886-a8b1-c8a7bd04748e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ati**9 ]Ɋ& 3!X9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b88368de-cf0e-4886-a8b1-c8a7bd04748e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**: ]Ɋ& 5!X: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b88368de-cf0e-4886-a8b1-c8a7bd04748e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**0; ]Ɋ& !; F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b88368de-cf0e-4886-a8b1-c8a7bd04748e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=36589753-edde-4390-a52a-b87cea45446a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av0**@<E뫯 ]Ɋ& !E뫯< F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b88368de-cf0e-4886-a8b1-c8a7bd04748e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=36589753-edde-4390-a52a-b87cea45446a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stri@**= ]Ɋ& )!X= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=451d7b6d-7987-45b6-9319-fd8828ffaa2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tanc**> ]Ɋ& A!X> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=451d7b6d-7987-45b6-9319-fd8828ffaa2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6-4e**? ]Ɋ& =!X? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=451d7b6d-7987-45b6-9319-fd8828ffaa2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **@ ]Ɋ& 5!X@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=451d7b6d-7987-45b6-9319-fd8828ffaa2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**A ]Ɋ& 5!XA F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=451d7b6d-7987-45b6-9319-fd8828ffaa2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**B ]Ɋ& 7!XB F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=451d7b6d-7987-45b6-9319-fd8828ffaa2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0C ]Ɋ& !C F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=451d7b6d-7987-45b6-9319-fd8828ffaa2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9f94df0e-549f-4960-99c9-c06ff53c5b60 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m0**@D# ]Ɋ& !#D F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=451d7b6d-7987-45b6-9319-fd8828ffaa2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9f94df0e-549f-4960-99c9-c06ff53c5b60 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= P@**XE# ]Ɋ& !X#E F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b7514f9c-b87b-4993-81ae-12f72656617c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.0X**pF# ]Ɋ& !X#F F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b7514f9c-b87b-4993-81ae-12f72656617c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=inep**hG# ]Ɋ& !X#G F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b7514f9c-b87b-4993-81ae-12f72656617c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Rh**`H# ]Ɋ& !X#H F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b7514f9c-b87b-4993-81ae-12f72656617c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**`I# ]Ɋ& !X#I F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b7514f9c-b87b-4993-81ae-12f72656617c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=I`**hJ# ]Ɋ& !X#J F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b7514f9c-b87b-4993-81ae-12f72656617c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nameh**K ]Ɋ&  !K F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b7514f9c-b87b-4993-81ae-12f72656617c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1489396d-e1ef-4598-8aee-305b3f9f42dd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand**L ]Ɋ& !L F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b7514f9c-b87b-4993-81ae-12f72656617c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1489396d-e1ef-4598-8aee-305b3f9f42dd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8M ]Ɋ& !XM F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c9bdcad3-6d90-48d4-af47-610adabaf472 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sc8**PN ]Ɋ& !XN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c9bdcad3-6d90-48d4-af47-610adabaf472 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SP**PO ]Ɋ& !XO F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c9bdcad3-6d90-48d4-af47-610adabaf472 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== P**HP ]Ɋ& !XP F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c9bdcad3-6d90-48d4-af47-610adabaf472 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eId=H**HQ ]Ɋ& !XQ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c9bdcad3-6d90-48d4-af47-610adabaf472 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d= H**HR ]Ɋ& !XR F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c9bdcad3-6d90-48d4-af47-610adabaf472 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RH**S ]Ɋ& !S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c9bdcad3-6d90-48d4-af47-610adabaf472 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=27fa4741-3dcc-488e-8358-f29ae945b7e6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= mmandName=  ]Ɋ& CommandPath= CommElfChnkTTHMu=VysMc&&**T ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !T F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c9bdcad3-6d90-48d4-af47-610adabaf472 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=27fa4741-3dcc-488e-8358-f29ae945b7e6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in**XU ]Ɋ& !XU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3accc9b9-8ac3-4b4d-a84d-5410bfb2c27a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ComX**pV ]Ɋ& !XV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3accc9b9-8ac3-4b4d-a84d-5410bfb2c27a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allep**hW ]Ɋ& !XW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3accc9b9-8ac3-4b4d-a84d-5410bfb2c27a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='ih**`X ]Ɋ& !XX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3accc9b9-8ac3-4b4d-a84d-5410bfb2c27a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ow`**`Y ]Ɋ& !XY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3accc9b9-8ac3-4b4d-a84d-5410bfb2c27a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`Z ]Ɋ& !XZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3accc9b9-8ac3-4b4d-a84d-5410bfb2c27a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**[ ]Ɋ& ![ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3accc9b9-8ac3-4b4d-a84d-5410bfb2c27a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1056b3e4-5f47-463a-b2e4-40ab8842b27f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**\PK ]Ɋ& !PK\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3accc9b9-8ac3-4b4d-a84d-5410bfb2c27a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1056b3e4-5f47-463a-b2e4-40ab8842b27f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **(]PK ]Ɋ& !XPK] F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4a14c7be-7a58-463b-b54d-990eca9b32e6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1(**@^PK ]Ɋ& !XPK^ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4a14c7be-7a58-463b-b54d-990eca9b32e6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n@**@_PK ]Ɋ& !XPK_ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4a14c7be-7a58-463b-b54d-990eca9b32e6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e]:@**8`PK ]Ɋ& !XPK` F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4a14c7be-7a58-463b-b54d-990eca9b32e6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tal8**8aPK ]Ɋ& !XPKa F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4a14c7be-7a58-463b-b54d-990eca9b32e6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.08**8bPK ]Ɋ& !XPKb F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4a14c7be-7a58-463b-b54d-990eca9b32e6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**cPK ]Ɋ& !PKc F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4a14c7be-7a58-463b-b54d-990eca9b32e6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=c4dd8186-43ca-4d03-a5c0-62555ea1522c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **d ]Ɋ& !d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4a14c7be-7a58-463b-b54d-990eca9b32e6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=c4dd8186-43ca-4d03-a5c0-62555ea1522c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=trin**Xe ]Ɋ& !Xe F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=eb3c4559-5913-4d72-a1df-0e02510eeaa8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pf ]Ɋ& !Xf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=eb3c4559-5913-4d72-a1df-0e02510eeaa8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**pg ]Ɋ& !Xg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=eb3c4559-5913-4d72-a1df-0e02510eeaa8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Culp**hh ]Ɋ& !Xh F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=eb3c4559-5913-4d72-a1df-0e02510eeaa8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Obh**hi ]Ɋ& !Xi F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=eb3c4559-5913-4d72-a1df-0e02510eeaa8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Pih**hj ]Ɋ& !Xj F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=eb3c4559-5913-4d72-a1df-0e02510eeaa8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ath**k ]Ɋ&  !k F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=eb3c4559-5913-4d72-a1df-0e02510eeaa8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=de30b605-a7c2-4d46-a9ec-4fd60ac56bee PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**l ]Ɋ& !l F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=eb3c4559-5913-4d72-a1df-0e02510eeaa8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=de30b605-a7c2-4d46-a9ec-4fd60ac56bee PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ame=**m ]Ɋ& '!Xm F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7c7b6744-6cf5-4a2a-a887-f7e86cf8d9d9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **n ]Ɋ& ?!Xn F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7c7b6744-6cf5-4a2a-a887-f7e86cf8d9d9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**o ]Ɋ& ;!Xo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7c7b6744-6cf5-4a2a-a887-f7e86cf8d9d9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed**p ]Ɋ& 3!Xp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7c7b6744-6cf5-4a2a-a887-f7e86cf8d9d9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=th **q ]Ɋ& 3!Xq F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7c7b6744-6cf5-4a2a-a887-f7e86cf8d9d9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rov**r ]Ɋ& 5!Xr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7c7b6744-6cf5-4a2a-a887-f7e86cf8d9d9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=En**0s ]Ɋ& !s F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7c7b6744-6cf5-4a2a-a887-f7e86cf8d9d9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=f0c4964a-5369-4687-85e0-ded5a7d1bb55 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=en0**@t ]Ɋ& !t F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7c7b6744-6cf5-4a2a-a887-f7e86cf8d9d9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=f0c4964a-5369-4687-85e0-ded5a7d1bb55 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-c06@**uI}\ ]Ɋ& )!XI}\u F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ca1612bc-f819-4eb2-8277-8ea927b9a47f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayNa**vI}\ ]Ɋ& A!XI}\v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ca1612bc-f819-4eb2-8277-8ea927b9a47f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pace**wI}\ ]Ɋ& =!XI}\w F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ca1612bc-f819-4eb2-8277-8ea927b9a47f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=12**xI}\ ]Ɋ& 5!XI}\x F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ca1612bc-f819-4eb2-8277-8ea927b9a47f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C**yI}\ ]Ɋ& 5!XI}\y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ca1612bc-f819-4eb2-8277-8ea927b9a47f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr**zI}\ ]Ɋ& 7!XI}\z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ca1612bc-f819-4eb2-8277-8ea927b9a47f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=#**0{\ ]Ɋ& !\{ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ca1612bc-f819-4eb2-8277-8ea927b9a47f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=769b8d65-c160-45d1-8623-f4e0eef3314c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@|v\ ]Ɋ& !v\| F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ca1612bc-f819-4eb2-8277-8ea927b9a47f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=769b8d65-c160-45d1-8623-f4e0eef3314c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm@**X} G\ ]Ɋ& !X G\} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4d6d10ba-a67d-45ee-ad94-554d49859fe2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNaX**p~ G\ ]Ɋ& !X G\~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4d6d10ba-a67d-45ee-ad94-554d49859fe2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNp**h G\ ]Ɋ& !X G\ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4d6d10ba-a67d-45ee-ad94-554d49859fe2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**` G\ ]Ɋ& !X G\ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4d6d10ba-a67d-45ee-ad94-554d49859fe2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**` G\ ]Ɋ& !X G\ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4d6d10ba-a67d-45ee-ad94-554d49859fe2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**h G\ ]Ɋ& !X G\ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4d6d10ba-a67d-45ee-ad94-554d49859fe2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Rh** G\ ]Ɋ&  ! G\ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4d6d10ba-a67d-45ee-ad94-554d49859fe2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=53162ed1-a291-4ffb-90f0-10d0630b9031 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=! ]Ɋ& at G\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4d6d10ba-a67d-45ee-ad94-554d49859fe2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=53162ed1-a291-4ffb-90f0-10d0630b9031 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnk@[!ݯTL7Mu=VysMc&&** G\ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! ! G\ F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4d6d10ba-a67d-45ee-ad94-554d49859fe2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=53162ed1-a291-4ffb-90f0-10d0630b9031 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8 G\ ]Ɋ& !X G\ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a65ad20b-83d9-4a42-9080-e5473c15a743 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=om8**P G\ ]Ɋ& !X G\ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a65ad20b-83d9-4a42-9080-e5473c15a743 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmP**P G\ ]Ɋ& !X G\ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a65ad20b-83d9-4a42-9080-e5473c15a743 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommaP**H G\ ]Ɋ& !X G\ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a65ad20b-83d9-4a42-9080-e5473c15a743 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iptNH**H G\ ]Ɋ& !X G\ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a65ad20b-83d9-4a42-9080-e5473c15a743 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dTypH**H G\ ]Ɋ& !X G\ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a65ad20b-83d9-4a42-9080-e5473c15a743 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=H** G\ ]Ɋ& ! G\ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a65ad20b-83d9-4a42-9080-e5473c15a743 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5c059641-dc8c-4487-b246-046e458f19fe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ** G\ ]Ɋ& ! G\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a65ad20b-83d9-4a42-9080-e5473c15a743 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5c059641-dc8c-4487-b246-046e458f19fe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **X\ ]Ɋ& !X\ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b50be6f2-5438-4df9-b2b2-a157cb62e5b3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tCulX**p\ ]Ɋ& !X\ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b50be6f2-5438-4df9-b2b2-a157cb62e5b3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=={ [p**h\ ]Ɋ& !X\ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b50be6f2-5438-4df9-b2b2-a157cb62e5b3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=54h**`\ ]Ɋ& !X\ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b50be6f2-5438-4df9-b2b2-a157cb62e5b3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rS`**`\ ]Ɋ& !X\ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b50be6f2-5438-4df9-b2b2-a157cb62e5b3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`\ ]Ɋ& !X\ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b50be6f2-5438-4df9-b2b2-a157cb62e5b3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**\ ]Ɋ& !\ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b50be6f2-5438-4df9-b2b2-a157cb62e5b3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6cf37dc5-e8de-4e15-aedc-b45d920cbca4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-**\ ]Ɋ& !\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b50be6f2-5438-4df9-b2b2-a157cb62e5b3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6cf37dc5-e8de-4e15-aedc-b45d920cbca4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ure**(\ ]Ɋ& !X\ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=08c89f7f-128f-455d-8c77-4b355701f675 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v(**@\ ]Ɋ& !X\ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=08c89f7f-128f-455d-8c77-4b355701f675 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=K@**@\ ]Ɋ& !X\ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=08c89f7f-128f-455d-8c77-4b355701f675 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id=@**8\ ]Ɋ& !X\ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=08c89f7f-128f-455d-8c77-4b355701f675 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F8**8\ ]Ɋ& !X\ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=08c89f7f-128f-455d-8c77-4b355701f675 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam8**8\ ]Ɋ& !X\ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=08c89f7f-128f-455d-8c77-4b355701f675 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Gl8**\ ]Ɋ& !\ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=08c89f7f-128f-455d-8c77-4b355701f675 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=cdf7c4c0-3bb1-4039-9c43-2018a87f1826 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**\ ]Ɋ& !\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=08c89f7f-128f-455d-8c77-4b355701f675 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=cdf7c4c0-3bb1-4039-9c43-2018a87f1826 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tall**X\ ]Ɋ& !X\ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=33539ce8-4f3d-4a89-803e-6a42d0816db4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\X**p\ ]Ɋ& !X\ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=33539ce8-4f3d-4a89-803e-6a42d0816db4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\p**p\ ]Ɋ& !X\ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=33539ce8-4f3d-4a89-803e-6a42d0816db4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=help**h\ ]Ɋ& !X\ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=33539ce8-4f3d-4a89-803e-6a42d0816db4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ct h**h\ ]Ɋ& !X\ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=33539ce8-4f3d-4a89-803e-6a42d0816db4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n';h**h\ ]Ɋ& !X\ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=33539ce8-4f3d-4a89-803e-6a42d0816db4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=([h**\ ]Ɋ&  !\ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=33539ce8-4f3d-4a89-803e-6a42d0816db4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5404a976-949d-4090-8f6b-5f01c67a866a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ta**G\ ]Ɋ& !G\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=33539ce8-4f3d-4a89-803e-6a42d0816db4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5404a976-949d-4090-8f6b-5f01c67a866a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omma**t\ ]Ɋ& '!Xt\ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=145e9a22-9d51-4a6a-9cb2-e4aae87aa8ee HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=C**t\ ]Ɋ& ?!Xt\ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=145e9a22-9d51-4a6a-9cb2-e4aae87aa8ee HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6**t\ ]Ɋ& ;!Xt\ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=145e9a22-9d51-4a6a-9cb2-e4aae87aa8ee HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt **t\ ]Ɋ& 3!Xt\ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=145e9a22-9d51-4a6a-9cb2-e4aae87aa8ee HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=**t\ ]Ɋ& 3!Xt\ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=145e9a22-9d51-4a6a-9cb2-e4aae87aa8ee HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ovi**t\ ]Ɋ& 5!Xt\ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=145e9a22-9d51-4a6a-9cb2-e4aae87aa8ee HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **0t\ ]Ɋ& !t\ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=145e9a22-9d51-4a6a-9cb2-e4aae87aa8ee HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=b7481d81-d9fd-485c-b5ea-584ed602e5d4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av0**@ i\ ]Ɋ& ! i\ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=145e9a22-9d51-4a6a-9cb2-e4aae87aa8ee HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=b7481d81-d9fd-485c-b5ea-584ed602e5d4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g -w@**e® ]Ɋ& )!Xe® F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ee170623-c6a4-4995-8d37-d684bc13b377 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nter**e® ]Ɋ& A!Xe® F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ee170623-c6a4-4995-8d37-d684bc13b377 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lica**e® ]Ɋ& =!Xe® F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ee170623-c6a4-4995-8d37-d684bc13b377 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**e® ]Ɋ& 5!Xe® F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ee170623-c6a4-4995-8d37-d684bc13b377 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed**e® ]Ɋ& 5!Xe® F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ee170623-c6a4-4995-8d37-d684bc13b377 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Va**e® ]Ɋ& 7!Xe® F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ee170623-c6a4-4995-8d37-d684bc13b377 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0e® ]Ɋ& !e® F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ee170623-c6a4-4995-8d37-d684bc13b377 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=03b9b72e-841e-4119-938a-e23c727aea7d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@Z ]Ɋ& !Z F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ee170623-c6a4-4995-8d37-d684bc13b377 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=03b9b72e-841e-4119-938a-e23c727aea7d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=063@9031 Pipel ]Ɋ& meX F&e=ElfChnkH975޼qMu=VysMc&&**X ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! ;!X F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9f429fde-a1ea-48ac-8776-99c398a6f8be HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9f429fde-a1ea-48ac-8776-99c398a6f8be HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmap**h ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9f429fde-a1ea-48ac-8776-99c398a6f8be HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oh**` ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9f429fde-a1ea-48ac-8776-99c398a6f8be HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**` ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9f429fde-a1ea-48ac-8776-99c398a6f8be HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9f429fde-a1ea-48ac-8776-99c398a6f8be HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&h** ]Ɋ&  ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9f429fde-a1ea-48ac-8776-99c398a6f8be HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8d7b05d6-ee84-4562-9c95-e85f5e989797 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9f429fde-a1ea-48ac-8776-99c398a6f8be HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8d7b05d6-ee84-4562-9c95-e85f5e989797 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8U ]Ɋ& !XU F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=99e79b64-356c-426f-be84-2b0d16e7c30c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**PU ]Ɋ& !XU F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=99e79b64-356c-426f-be84-2b0d16e7c30c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**PU ]Ɋ& !XU F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=99e79b64-356c-426f-be84-2b0d16e7c30c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**HU ]Ɋ& !XU F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=99e79b64-356c-426f-be84-2b0d16e7c30c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HU ]Ɋ& !XU F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=99e79b64-356c-426f-be84-2b0d16e7c30c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=H**HU ]Ɋ& !XU F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=99e79b64-356c-426f-be84-2b0d16e7c30c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoH**U ]Ɋ& !U F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=99e79b64-356c-426f-be84-2b0d16e7c30c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=024debce-6c3f-4698-b753-368410998e7d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=֘**U ]Ɋ& !U F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=99e79b64-356c-426f-be84-2b0d16e7c30c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=024debce-6c3f-4698-b753-368410998e7d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=085619cc-4246-4ec5-9aae-f782361cd1ce HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=085619cc-4246-4ec5-9aae-f782361cd1ce HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lectp**h ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=085619cc-4246-4ec5-9aae-f782361cd1ce HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=']h**` ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=085619cc-4246-4ec5-9aae-f782361cd1ce HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-`**` ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=085619cc-4246-4ec5-9aae-f782361cd1ce HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C`**` ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=085619cc-4246-4ec5-9aae-f782361cd1ce HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=085619cc-4246-4ec5-9aae-f782361cd1ce HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=29708286-efe9-42ab-b78c-f37b65b7f814 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=085619cc-4246-4ec5-9aae-f782361cd1ce HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=29708286-efe9-42ab-b78c-f37b65b7f814 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=**( ]Ɋ& !X F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=71b5208a-ded2-47ab-a6a9-b42a05809d0b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n(**@ ]Ɋ& !X F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=71b5208a-ded2-47ab-a6a9-b42a05809d0b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7@**@ ]Ɋ& !X F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=71b5208a-ded2-47ab-a6a9-b42a05809d0b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.ps@**8 ]Ɋ& !X F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=71b5208a-ded2-47ab-a6a9-b42a05809d0b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=M:\8**8 ]Ɋ& !X F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=71b5208a-ded2-47ab-a6a9-b42a05809d0b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==338**8 ]Ɋ& !X F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=71b5208a-ded2-47ab-a6a9-b42a05809d0b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=F8** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=71b5208a-ded2-47ab-a6a9-b42a05809d0b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=6d94b3e3-f088-44fc-b3b2-000369e247a8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=at**F ]Ɋ& !F F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=71b5208a-ded2-47ab-a6a9-b42a05809d0b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=6d94b3e3-f088-44fc-b3b2-000369e247a8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 655**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c0ab547d-f096-45cc-bb7f-bf96c29618ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-X**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c0ab547d-f096-45cc-bb7f-bf96c29618ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dp**p ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c0ab547d-f096-45cc-bb7f-bf96c29618ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='enp**h ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c0ab547d-f096-45cc-bb7f-bf96c29618ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allh**h ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c0ab547d-f096-45cc-bb7f-bf96c29618ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**h ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c0ab547d-f096-45cc-bb7f-bf96c29618ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndh** ]Ɋ&  ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c0ab547d-f096-45cc-bb7f-bf96c29618ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2caba181-dcbd-438a-adb7-620e7bf0e789 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**' ]Ɋ& !' F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c0ab547d-f096-45cc-bb7f-bf96c29618ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2caba181-dcbd-438a-adb7-620e7bf0e789 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ost **T߻ ]Ɋ& '!XT߻ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cbe171d2-b0df-4e4f-b672-aa7d7a3f8790 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**T߻ ]Ɋ& ?!XT߻ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cbe171d2-b0df-4e4f-b672-aa7d7a3f8790 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**T߻ ]Ɋ& ;!XT߻ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cbe171d2-b0df-4e4f-b672-aa7d7a3f8790 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam**T߻ ]Ɋ& 3!XT߻ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cbe171d2-b0df-4e4f-b672-aa7d7a3f8790 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ngi**T߻ ]Ɋ& 3!XT߻ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cbe171d2-b0df-4e4f-b672-aa7d7a3f8790 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fun**T߻ ]Ɋ& 5!XT߻ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cbe171d2-b0df-4e4f-b672-aa7d7a3f8790 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=**0T߻ ]Ɋ& !T߻ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cbe171d2-b0df-4e4f-b672-aa7d7a3f8790 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=386a810d-48b6-4e70-a34b-57107e1fd236 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3 0**@w ]Ɋ& !w F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cbe171d2-b0df-4e4f-b672-aa7d7a3f8790 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=386a810d-48b6-4e70-a34b-57107e1fd236 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d @pelineId=  ]Ɋ& maXg F&9031 Pipel ]Ɋ& meX F&e=ElfChnkhPz LMu=VysMc&&**g ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !Xg F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=308ae21f-c316-4b1b-b0ca-c499a5479ca7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**g ]Ɋ& A!Xg F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=308ae21f-c316-4b1b-b0ca-c499a5479ca7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 655**g ]Ɋ& =!Xg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=308ae21f-c316-4b1b-b0ca-c499a5479ca7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iv**g ]Ɋ& 5!Xg F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=308ae21f-c316-4b1b-b0ca-c499a5479ca7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l **g ]Ɋ& 5!Xg F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=308ae21f-c316-4b1b-b0ca-c499a5479ca7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9f**g ]Ɋ& 7!Xg F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=308ae21f-c316-4b1b-b0ca-c499a5479ca7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c**0g ]Ɋ& !g F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=308ae21f-c316-4b1b-b0ca-c499a5479ca7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5b2c0f8c-0d1d-4ae8-a41d-69b81bb60db8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u0**@ ]Ɋ& ! F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=308ae21f-c316-4b1b-b0ca-c499a5479ca7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5b2c0f8c-0d1d-4ae8-a41d-69b81bb60db8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F@**X$ ]Ɋ& !X$ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=31804443-fb97-4d20-a47a-87ef484b925f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p$ ]Ɋ& !X$ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=31804443-fb97-4d20-a47a-87ef484b925f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!p**h$ ]Ɋ& !X$ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=31804443-fb97-4d20-a47a-87ef484b925f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`$ ]Ɋ& !X$ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=31804443-fb97-4d20-a47a-87ef484b925f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`$ ]Ɋ& !X$ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=31804443-fb97-4d20-a47a-87ef484b925f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h$ ]Ɋ& !X$ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=31804443-fb97-4d20-a47a-87ef484b925f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tarth**$ ]Ɋ&  !$ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=31804443-fb97-4d20-a47a-87ef484b925f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1d877d6f-4179-441d-bf01-29d2f5a9e75a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **$ ]Ɋ& !$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=31804443-fb97-4d20-a47a-87ef484b925f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1d877d6f-4179-441d-bf01-29d2f5a9e75a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mb**8* ]Ɋ& !X* F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=07bdd398-09ac-497f-bbf4-8de1909c3850 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ne8**P* ]Ɋ& !X* F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=07bdd398-09ac-497f-bbf4-8de1909c3850 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=P**P* ]Ɋ& !X* F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=07bdd398-09ac-497f-bbf4-8de1909c3850 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rtedP**H* ]Ɋ& !X* F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=07bdd398-09ac-497f-bbf4-8de1909c3850 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=FuH**H* ]Ɋ& !X* F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=07bdd398-09ac-497f-bbf4-8de1909c3850 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH**H* ]Ɋ& !X* F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=07bdd398-09ac-497f-bbf4-8de1909c3850 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**U ]Ɋ& !U F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=07bdd398-09ac-497f-bbf4-8de1909c3850 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e4b3b987-9f8f-444d-b2b4-7bce4721ffd4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ila**U ]Ɋ& !U F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=07bdd398-09ac-497f-bbf4-8de1909c3850 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e4b3b987-9f8f-444d-b2b4-7bce4721ffd4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**XW ]Ɋ& !XW F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7a926af8-5ab6-41f1-83c6-d83634f23786 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pW ]Ɋ& !XW F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7a926af8-5ab6-41f1-83c6-d83634f23786 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pe= p**hW ]Ɋ& !XW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7a926af8-5ab6-41f1-83c6-d83634f23786 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sth**`W ]Ɋ& !XW F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7a926af8-5ab6-41f1-83c6-d83634f23786 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rt`**`W ]Ɋ& !XW F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7a926af8-5ab6-41f1-83c6-d83634f23786 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on`**`W ]Ɋ& !XW F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7a926af8-5ab6-41f1-83c6-d83634f23786 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**W ]Ɋ& !W F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7a926af8-5ab6-41f1-83c6-d83634f23786 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b271e746-acd5-4410-adf3-92da97826a5c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **W ]Ɋ& !W F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7a926af8-5ab6-41f1-83c6-d83634f23786 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b271e746-acd5-4410-adf3-92da97826a5c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**( ]Ɋ& !X F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1fe68403-0d64-4159-a2a7-abb0ccda70a6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@ ]Ɋ& !X F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1fe68403-0d64-4159-a2a7-abb0ccda70a6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@ ]Ɋ& !X F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1fe68403-0d64-4159-a2a7-abb0ccda70a6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o('@**8 ]Ɋ& !X F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1fe68403-0d64-4159-a2a7-abb0ccda70a6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayV8**8  ]Ɋ& !X  F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1fe68403-0d64-4159-a2a7-abb0ccda70a6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=M:\8**8  ]Ɋ& !X  F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1fe68403-0d64-4159-a2a7-abb0ccda70a6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um8**  ]Ɋ& !  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1fe68403-0d64-4159-a2a7-abb0ccda70a6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=0810aa8a-60aa-4462-845d-85a8c71bea56 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** P ]Ɋ& !P  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1fe68403-0d64-4159-a2a7-abb0ccda70a6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=0810aa8a-60aa-4462-845d-85a8c71bea56 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me= **X 8 ]Ɋ& !X8  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8aea31d6-4651-4a5a-a34e-93461e89ab1d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rX**p8 ]Ɋ& !X8 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8aea31d6-4651-4a5a-a34e-93461e89ab1d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==p**p8 ]Ɋ& !X8 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8aea31d6-4651-4a5a-a34e-93461e89ab1d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=181p**h8 ]Ɋ& !X8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8aea31d6-4651-4a5a-a34e-93461e89ab1d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= h**h8 ]Ɋ& !X8 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8aea31d6-4651-4a5a-a34e-93461e89ab1d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h8 ]Ɋ& !X8 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8aea31d6-4651-4a5a-a34e-93461e89ab1d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**8 ]Ɋ&  !8 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8aea31d6-4651-4a5a-a34e-93461e89ab1d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=17f292e4-1b54-4929-b772-473b2e50f41a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8aea31d6-4651-4a5a-a34e-93461e89ab1d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=17f292e4-1b54-4929-b772-473b2e50f41a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=hell** ]Ɋ& '!X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4824df11-17b0-458b-92db-6cbc744cea46 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p** ]Ɋ& ?!X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4824df11-17b0-458b-92db-6cbc744cea46 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-4f-b672-aa7d ]Ɋ& reX F&ame . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=386a810d-48b6-4e70-a34b-57107e1fd236 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d @pelineId=  ]Ɋ& maXg F&9031 Pipel ]Ɋ& meX F&e=ElfChnkII@2kTMu=VysMc&&**  ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X F&F%g>9{p(xlMD EventDatauoData !BinaryFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4824df11-17b0-458b-92db-6cbc744cea46 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ** ]Ɋ& 3!X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4824df11-17b0-458b-92db-6cbc744cea46 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g** ]Ɋ& 3!X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4824df11-17b0-458b-92db-6cbc744cea46 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9a5** ]Ɋ& 5!X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4824df11-17b0-458b-92db-6cbc744cea46 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0 ]Ɋ& ! F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4824df11-17b0-458b-92db-6cbc744cea46 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=b09e6bef-fbc2-4939-9694-e685cb40451e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@)ߚ ]Ɋ& !)ߚ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4824df11-17b0-458b-92db-6cbc744cea46 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=b09e6bef-fbc2-4939-9694-e685cb40451e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Com@** ]Ɋ& )!X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5f2b1f43-4ecb-428a-86d5-931c065f3176 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== ** ]Ɋ& A!X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5f2b1f43-4ecb-428a-86d5-931c065f3176 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tSta** ]Ɋ& =!X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5f2b1f43-4ecb-428a-86d5-931c065f3176 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt**  ]Ɋ& 5!X  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5f2b1f43-4ecb-428a-86d5-931c065f3176 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**! ]Ɋ& 5!X! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5f2b1f43-4ecb-428a-86d5-931c065f3176 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ve**" ]Ɋ& 7!X" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5f2b1f43-4ecb-428a-86d5-931c065f3176 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g**0# ]Ɋ& !# F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5f2b1f43-4ecb-428a-86d5-931c065f3176 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f7f77ce6-4955-42b5-b616-6a1586a092d9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@$+N ]Ɋ& !+N$ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5f2b1f43-4ecb-428a-86d5-931c065f3176 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f7f77ce6-4955-42b5-b616-6a1586a092d9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&@**X% ]Ɋ& !X% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=99989c33-ab76-469b-a85b-16f4c6aa7558 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p& ]Ɋ& !X& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=99989c33-ab76-469b-a85b-16f4c6aa7558 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h' ]Ɋ& !X' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=99989c33-ab76-469b-a85b-16f4c6aa7558 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`( ]Ɋ& !X( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=99989c33-ab76-469b-a85b-16f4c6aa7558 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`) ]Ɋ& !X) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=99989c33-ab76-469b-a85b-16f4c6aa7558 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h* ]Ɋ& !X* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=99989c33-ab76-469b-a85b-16f4c6aa7558 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ailah**+ ]Ɋ&  !+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=99989c33-ab76-469b-a85b-16f4c6aa7558 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=411149a8-738b-4717-9182-943c57658161 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= New**, ]Ɋ& !, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=99989c33-ab76-469b-a85b-16f4c6aa7558 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=411149a8-738b-4717-9182-943c57658161 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ne**8-X ]Ɋ& !XX- F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=52bf1991-7dcb-4039-8f00-9774386c0fa2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= P8**P.X ]Ɋ& !XX. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=52bf1991-7dcb-4039-8f00-9774386c0fa2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=SyP**P/X ]Ɋ& !XX/ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=52bf1991-7dcb-4039-8f00-9774386c0fa2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&P**H0X ]Ɋ& !XX0 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=52bf1991-7dcb-4039-8f00-9774386c0fa2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H1X ]Ɋ& !XX1 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=52bf1991-7dcb-4039-8f00-9774386c0fa2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=XH**H2X ]Ɋ& !XX2 F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=52bf1991-7dcb-4039-8f00-9774386c0fa2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**3X ]Ɋ& !X3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=52bf1991-7dcb-4039-8f00-9774386c0fa2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3b4d8889-38a9-4c85-9a91-35bafaeac1c2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**4X ]Ɋ& !X4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=52bf1991-7dcb-4039-8f00-9774386c0fa2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3b4d8889-38a9-4c85-9a91-35bafaeac1c2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X5 ]Ɋ& !X5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e0926cf8-981c-4f28-a5bb-2e33088979e4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**p6 ]Ɋ& !X6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e0926cf8-981c-4f28-a5bb-2e33088979e4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-US'p**h7 ]Ɋ& !X7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e0926cf8-981c-4f28-a5bb-2e33088979e4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=arh**`8 ]Ɋ& !X8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e0926cf8-981c-4f28-a5bb-2e33088979e4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=70`**`9 ]Ɋ& !X9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e0926cf8-981c-4f28-a5bb-2e33088979e4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed`**`: ]Ɋ& !X: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e0926cf8-981c-4f28-a5bb-2e33088979e4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**; ]Ɋ& !; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e0926cf8-981c-4f28-a5bb-2e33088979e4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=334248d9-f373-4238-82ac-0692d6039f6d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**< ]Ɋ& !< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e0926cf8-981c-4f28-a5bb-2e33088979e4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=334248d9-f373-4238-82ac-0692d6039f6d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=462**(=I ]Ɋ& !XI= F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ac94c9ca-4da8-4087-bf8c-333fe1d268f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@>I ]Ɋ& !XI> F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ac94c9ca-4da8-4087-bf8c-333fe1d268f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='@**@?I ]Ɋ& !XI? F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ac94c9ca-4da8-4087-bf8c-333fe1d268f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ows@**8@I ]Ɋ& !XI@ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ac94c9ca-4da8-4087-bf8c-333fe1d268f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nso8**8AI ]Ɋ& !XIA F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ac94c9ca-4da8-4087-bf8c-333fe1d268f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8BI ]Ɋ& !XIB F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ac94c9ca-4da8-4087-bf8c-333fe1d268f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pa8**CI ]Ɋ& !IC F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ac94c9ca-4da8-4087-bf8c-333fe1d268f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=77ec893e-062c-4d53-aa9d-8a0d7b2d2daf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=at**DHz ]Ɋ& !HzD F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ac94c9ca-4da8-4087-bf8c-333fe1d268f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=77ec893e-062c-4d53-aa9d-8a0d7b2d2daf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sher**XEu ]Ɋ& !XuE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c9ca92f9-428d-4b3b-94df-71d9bc445107 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pFu ]Ɋ& !XuF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c9ca92f9-428d-4b3b-94df-71d9bc445107 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=np**pGu ]Ɋ& !XuG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c9ca92f9-428d-4b3b-94df-71d9bc445107 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Insp**hHu ]Ɋ& !XuH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c9ca92f9-428d-4b3b-94df-71d9bc445107 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=edoh**hIu ]Ɋ& !XuI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c9ca92f9-428d-4b3b-94df-71d9bc445107 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= hɊ& ]Ɋ& XuJ F&]Ɋ& meX F&e=ElfChnkJ|J|H6BMu=VysMc&&**p Ju ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! M!XuJ F&F%g>9{p(xlMD EventDatauoData !BinaryVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c9ca92f9-428d-4b3b-94df-71d9bc445107 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Xp **Ku ]Ɋ&  !uK F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c9ca92f9-428d-4b3b-94df-71d9bc445107 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e194fdee-2a1f-4a1e-9a87-587909a5860e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nc**L D ]Ɋ& ! DL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c9ca92f9-428d-4b3b-94df-71d9bc445107 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e194fdee-2a1f-4a1e-9a87-587909a5860e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=atio**Mܕ ]Ɋ& '!XܕM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=83e68eb6-2fcc-4bdd-b869-ba7968e51dd5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=A**Nܕ ]Ɋ& ?!XܕN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=83e68eb6-2fcc-4bdd-b869-ba7968e51dd5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**Oܕ ]Ɋ& ;!XܕO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=83e68eb6-2fcc-4bdd-b869-ba7968e51dd5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ost**Pܕ ]Ɋ& 3!XܕP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=83e68eb6-2fcc-4bdd-b869-ba7968e51dd5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam**Qܕ ]Ɋ& 3!XܕQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=83e68eb6-2fcc-4bdd-b869-ba7968e51dd5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t **Rܕ ]Ɋ& 5!XܕR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=83e68eb6-2fcc-4bdd-b869-ba7968e51dd5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma**0Sܕ ]Ɋ& !ܕS F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=83e68eb6-2fcc-4bdd-b869-ba7968e51dd5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=5646fe52-e89d-4a05-a9b7-ec1e26992634 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1c0**@T9u ]Ɋ& !9uT F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=83e68eb6-2fcc-4bdd-b869-ba7968e51dd5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=5646fe52-e89d-4a05-a9b7-ec1e26992634 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand@**U ]Ɋ& )!XU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=68f52bb7-d9dd-4ace-9e7a-ff30b273380e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co**V ]Ɋ& A!XV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=68f52bb7-d9dd-4ace-9e7a-ff30b273380e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=trin**W ]Ɋ& =!XW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=68f52bb7-d9dd-4ace-9e7a-ff30b273380e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=la**X ]Ɋ& 5!XX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=68f52bb7-d9dd-4ace-9e7a-ff30b273380e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**Y ]Ɋ& 5!XY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=68f52bb7-d9dd-4ace-9e7a-ff30b273380e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**Z ]Ɋ& 7!XZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=68f52bb7-d9dd-4ace-9e7a-ff30b273380e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**0[ ]Ɋ& ![ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=68f52bb7-d9dd-4ace-9e7a-ff30b273380e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ca6588cc-1fb8-4998-b707-c3b3aad2f4a1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b0**@\ ]Ɋ& !\ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=68f52bb7-d9dd-4ace-9e7a-ff30b273380e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ca6588cc-1fb8-4998-b707-c3b3aad2f4a1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**X]r~ ]Ɋ& !Xr~] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a43063d9-c4c3-4b02-9edd-0aa28062acfb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p^r~ ]Ɋ& !Xr~^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a43063d9-c4c3-4b02-9edd-0aa28062acfb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h_r~ ]Ɋ& !Xr~_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a43063d9-c4c3-4b02-9edd-0aa28062acfb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**``r~ ]Ɋ& !Xr~` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a43063d9-c4c3-4b02-9edd-0aa28062acfb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X`**`ar~ ]Ɋ& !Xr~a F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a43063d9-c4c3-4b02-9edd-0aa28062acfb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hbr~ ]Ɋ& !Xr~b F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a43063d9-c4c3-4b02-9edd-0aa28062acfb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Vah**cr~ ]Ɋ&  !r~c F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a43063d9-c4c3-4b02-9edd-0aa28062acfb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=99324e1d-61a7-4e48-989f-ef9fd25c3648 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ineS**dr~ ]Ɋ& !r~d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a43063d9-c4c3-4b02-9edd-0aa28062acfb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=99324e1d-61a7-4e48-989f-ef9fd25c3648 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **8er~ ]Ɋ& !Xr~e F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a490c5ac-6ec3-4b77-9b72-e7d4fc471a97 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=am8**Pfr~ ]Ɋ& !Xr~f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a490c5ac-6ec3-4b77-9b72-e7d4fc471a97 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= PP**Pgr~ ]Ɋ& !Xr~g F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a490c5ac-6ec3-4b77-9b72-e7d4fc471a97 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leSyP**Hhr~ ]Ɋ& !Xr~h F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a490c5ac-6ec3-4b77-9b72-e7d4fc471a97 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH**Hir~ ]Ɋ& !Xr~i F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a490c5ac-6ec3-4b77-9b72-e7d4fc471a97 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Hjr~ ]Ɋ& !Xr~j F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a490c5ac-6ec3-4b77-9b72-e7d4fc471a97 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!H**kr~ ]Ɋ& !r~k F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a490c5ac-6ec3-4b77-9b72-e7d4fc471a97 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ea89f2b0-a0da-4f42-8297-44996b9fb4a3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**lr~ ]Ɋ& !r~l F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a490c5ac-6ec3-4b77-9b72-e7d4fc471a97 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ea89f2b0-a0da-4f42-8297-44996b9fb4a3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Xm  ]Ɋ& !X m F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3c062a3e-3778-47c4-9788-bd66d9de7b64 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pn  ]Ɋ& !X n F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3c062a3e-3778-47c4-9788-bd66d9de7b64 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Cp**ho  ]Ɋ& !X o F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3c062a3e-3778-47c4-9788-bd66d9de7b64 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rth**`p  ]Ɋ& !X p F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3c062a3e-3778-47c4-9788-bd66d9de7b64 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ps`**`q  ]Ɋ& !X q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3c062a3e-3778-47c4-9788-bd66d9de7b64 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=os`**`r  ]Ɋ& !X r F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3c062a3e-3778-47c4-9788-bd66d9de7b64 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=q`**s  ]Ɋ& ! s F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3c062a3e-3778-47c4-9788-bd66d9de7b64 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6f14474b-9f30-45d1-bb16-03d3687eac79 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b**t  ]Ɋ& ! t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3c062a3e-3778-47c4-9788-bd66d9de7b64 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6f14474b-9f30-45d1-bb16-03d3687eac79 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(u  ]Ɋ& !X u F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=aec628c6-97a3-4c6f-8ccb-527f7683ef0a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@v  ]Ɋ& !X v F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=aec628c6-97a3-4c6f-8ccb-527f7683ef0a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S@**@w  ]Ɋ& !X w F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=aec628c6-97a3-4c6f-8ccb-527f7683ef0a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=etC@**8x  ]Ɋ& !X x F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=aec628c6-97a3-4c6f-8ccb-527f7683ef0a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yNa8**8y  ]Ɋ& !X y F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=aec628c6-97a3-4c6f-8ccb-527f7683ef0a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n-U8**8z  ]Ɋ& !X z F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=aec628c6-97a3-4c6f-8ccb-527f7683ef0a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**{  ]Ɋ& ! { F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=aec628c6-97a3-4c6f-8ccb-527f7683ef0a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=889733ff-a871-4f9b-afa6-e6cd2ce9c4e4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**| ]Ɋ& !| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=aec628c6-97a3-4c6f-8ccb-527f7683ef0a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=889733ff-a871-4f9b-afa6-e6cd2ce9c4e4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== riptName=  ]Ɋ& X} F&XuJ F&]Ɋ& meX F&e=ElfChnk}}H"/eR Mu=VysMc&&**` } ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! ?!X} F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9ab17989-04b0-41ab-8e73-3d25e9cfa03d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ne` **p~ ]Ɋ& !X~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9ab17989-04b0-41ab-8e73-3d25e9cfa03d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rp**p ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9ab17989-04b0-41ab-8e73-3d25e9cfa03d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pelp**h ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9ab17989-04b0-41ab-8e73-3d25e9cfa03d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmah**h ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9ab17989-04b0-41ab-8e73-3d25e9cfa03d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9ab17989-04b0-41ab-8e73-3d25e9cfa03d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h** ]Ɋ&  ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9ab17989-04b0-41ab-8e73-3d25e9cfa03d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=54ce028c-df5c-427f-bb75-561001ca0c83 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**cy ]Ɋ& !cy F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9ab17989-04b0-41ab-8e73-3d25e9cfa03d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=54ce028c-df5c-427f-bb75-561001ca0c83 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Comp**cy ]Ɋ& '!Xcy F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=40084712-4d1a-468b-9800-ecab2b7caf2a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**cy ]Ɋ& ?!Xcy F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=40084712-4d1a-468b-9800-ecab2b7caf2a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**cy ]Ɋ& ;!Xcy F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=40084712-4d1a-468b-9800-ecab2b7caf2a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e-9**cy ]Ɋ& 3!Xcy F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=40084712-4d1a-468b-9800-ecab2b7caf2a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=W**cy ]Ɋ& 3!Xcy F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=40084712-4d1a-468b-9800-ecab2b7caf2a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9e7**cy ]Ɋ& 5!Xcy F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=40084712-4d1a-468b-9800-ecab2b7caf2a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&**0cy ]Ɋ& !cy F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=40084712-4d1a-468b-9800-ecab2b7caf2a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=10cae6a5-f4b1-4ba8-8172-bd2ac6ba0402 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ir0**@ ]Ɋ& ! F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=40084712-4d1a-468b-9800-ecab2b7caf2a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=10cae6a5-f4b1-4ba8-8172-bd2ac6ba0402 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**dJp ]Ɋ& )!XdJp F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=42202c13-c31a-495a-a39f-9077b0774a33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mman**dJp ]Ɋ& A!XdJp F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=42202c13-c31a-495a-a39f-9077b0774a33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **dJp ]Ɋ& =!XdJp F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=42202c13-c31a-495a-a39f-9077b0774a33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uc**dJp ]Ɋ& 5!XdJp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=42202c13-c31a-495a-a39f-9077b0774a33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cu**dJp ]Ɋ& 5!XdJp F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=42202c13-c31a-495a-a39f-9077b0774a33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **dJp ]Ɋ& 7!XdJp F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=42202c13-c31a-495a-a39f-9077b0774a33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **0dJp ]Ɋ& !dJp F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=42202c13-c31a-495a-a39f-9077b0774a33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c8285cb4-75e9-407e-84ec-4e0c36f25b12 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r0**@p ]Ɋ& !p F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=42202c13-c31a-495a-a39f-9077b0774a33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c8285cb4-75e9-407e-84ec-4e0c36f25b12 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ngi@**X{p ]Ɋ& !X{p F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0608823b-f825-4aba-a313-ef22e60d9031 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rX**p{p ]Ɋ& !X{p F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0608823b-f825-4aba-a313-ef22e60d9031 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Enp**h{p ]Ɋ& !X{p F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0608823b-f825-4aba-a313-ef22e60d9031 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**`{p ]Ɋ& !X{p F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0608823b-f825-4aba-a313-ef22e60d9031 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v`**`{p ]Ɋ& !X{p F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0608823b-f825-4aba-a313-ef22e60d9031 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g`**h{p ]Ɋ& !X{p F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0608823b-f825-4aba-a313-ef22e60d9031 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovih**{p ]Ɋ&  !{p F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0608823b-f825-4aba-a313-ef22e60d9031 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bad0d3fd-9c50-4deb-b220-391cfb149393 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Con**{p ]Ɋ& !{p F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0608823b-f825-4aba-a313-ef22e60d9031 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bad0d3fd-9c50-4deb-b220-391cfb149393 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=os**8{p ]Ɋ& !X{p F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bb7de72b-bd69-484a-bd31-5de3fd907084 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eN8**P{p ]Ɋ& !X{p F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bb7de72b-bd69-484a-bd31-5de3fd907084 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rtP**P{p ]Ɋ& !X{p F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bb7de72b-bd69-484a-bd31-5de3fd907084 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=roviP**H{p ]Ɋ& !X{p F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bb7de72b-bd69-484a-bd31-5de3fd907084 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ctioH**H{p ]Ɋ& !X{p F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bb7de72b-bd69-484a-bd31-5de3fd907084 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iderH**H{p ]Ɋ& !X{p F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bb7de72b-bd69-484a-bd31-5de3fd907084 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=artH**{p ]Ɋ& !{p F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bb7de72b-bd69-484a-bd31-5de3fd907084 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ee8d13e4-ebfa-407b-9ab9-17a5795fe794 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **{p ]Ɋ& !{p F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bb7de72b-bd69-484a-bd31-5de3fd907084 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ee8d13e4-ebfa-407b-9ab9-17a5795fe794 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**X'p ]Ɋ& !X'p F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ac117cdd-b60a-489a-9d95-1b9d4359be9c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uX**p'p ]Ɋ& !X'p F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ac117cdd-b60a-489a-9d95-1b9d4359be9c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommap**h'p ]Ɋ& !X'p F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ac117cdd-b60a-489a-9d95-1b9d4359be9c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eh**`'p ]Ɋ& !X'p F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ac117cdd-b60a-489a-9d95-1b9d4359be9c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m.`**`'p ]Ɋ& !X'p F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ac117cdd-b60a-489a-9d95-1b9d4359be9c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-H`**`'p ]Ɋ& !X'p F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ac117cdd-b60a-489a-9d95-1b9d4359be9c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**'p ]Ɋ& !'p F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ac117cdd-b60a-489a-9d95-1b9d4359be9c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8503931d-8d54-4e1c-9375-61da1f0a658f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**'p ]Ɋ& !'p F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ac117cdd-b60a-489a-9d95-1b9d4359be9c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8503931d-8d54-4e1c-9375-61da1f0a658f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**('p ]Ɋ& !X'p F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dfd4efd1-efea-49bb-9775-25bc454cb7e2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@'p ]Ɋ& !X'p F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dfd4efd1-efea-49bb-9775-25bc454cb7e2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @riptName=  ]Ɋ& X'p F&XuJ F&]Ɋ& meX F&e=ElfChnkPp6PMu=VysMc&&**@ 'p ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! #!X'p F&F%g>9{p(xlMD EventDatauoData !BinarypFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dfd4efd1-efea-49bb-9775-25bc454cb7e2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@ **8'p ]Ɋ& !X'p F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dfd4efd1-efea-49bb-9775-25bc454cb7e2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=llD8**8'p ]Ɋ& !X'p F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dfd4efd1-efea-49bb-9775-25bc454cb7e2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rre8**8'p ]Ɋ& !X'p F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dfd4efd1-efea-49bb-9775-25bc454cb7e2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**'p ]Ɋ& !'p F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dfd4efd1-efea-49bb-9775-25bc454cb7e2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=52e20cf1-a387-48d1-bb8c-b7b11293c0f8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Re**p ]Ɋ& !p F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dfd4efd1-efea-49bb-9775-25bc454cb7e2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=52e20cf1-a387-48d1-bb8c-b7b11293c0f8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**Xp ]Ɋ& !Xp F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=44fae3e1-2c56-490e-8e6d-624e0ab5eb37 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nX**pp ]Ɋ& !Xp F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=44fae3e1-2c56-490e-8e6d-624e0ab5eb37 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**pp ]Ɋ& !Xp F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=44fae3e1-2c56-490e-8e6d-624e0ab5eb37 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Pp**hp ]Ɋ& !Xp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=44fae3e1-2c56-490e-8e6d-624e0ab5eb37 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ch**hp ]Ɋ& !Xp F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=44fae3e1-2c56-490e-8e6d-624e0ab5eb37 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hp ]Ɋ& !Xp F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=44fae3e1-2c56-490e-8e6d-624e0ab5eb37 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rth**p ]Ɋ&  !p F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=44fae3e1-2c56-490e-8e6d-624e0ab5eb37 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=91004998-56ea-4631-b566-ed72d25f61a1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**vp ]Ɋ& !vp F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=44fae3e1-2c56-490e-8e6d-624e0ab5eb37 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=91004998-56ea-4631-b566-ed72d25f61a1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ix -**vp ]Ɋ& '!Xvp F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=21e88f3d-8c3a-489e-b028-89c489230bb4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**vp ]Ɋ& ?!Xvp F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=21e88f3d-8c3a-489e-b028-89c489230bb4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**vp ]Ɋ& ;!Xvp F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=21e88f3d-8c3a-489e-b028-89c489230bb4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-49**vp ]Ɋ& 3!Xvp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=21e88f3d-8c3a-489e-b028-89c489230bb4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=****vp ]Ɋ& 3!Xvp F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=21e88f3d-8c3a-489e-b028-89c489230bb4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=95a**vp ]Ɋ& 5!Xvp F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=21e88f3d-8c3a-489e-b028-89c489230bb4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0vp ]Ɋ& !vp F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=21e88f3d-8c3a-489e-b028-89c489230bb4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=c319b108-ae23-4094-ba83-da3aae42b2cc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ne0**@p ]Ɋ& !p F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=21e88f3d-8c3a-489e-b028-89c489230bb4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=c319b108-ae23-4094-ba83-da3aae42b2cc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**-  ]Ɋ& )!X-  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d9bf5fd3-64c8-44a1-b34a-f1899c659690 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co**-  ]Ɋ& A!X-  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d9bf5fd3-64c8-44a1-b34a-f1899c659690 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceId**-  ]Ɋ& =!X-  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d9bf5fd3-64c8-44a1-b34a-f1899c659690 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pr**-  ]Ɋ& 5!X-  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d9bf5fd3-64c8-44a1-b34a-f1899c659690 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t/**-  ]Ɋ& 5!X-  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d9bf5fd3-64c8-44a1-b34a-f1899c659690 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=90**-  ]Ɋ& 7!X-  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d9bf5fd3-64c8-44a1-b34a-f1899c659690 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**0E  ]Ɋ& !E  F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d9bf5fd3-64c8-44a1-b34a-f1899c659690 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=791730d1-5365-41da-bf3e-2b41bc449b97 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u0**@^  ]Ɋ& !^  F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d9bf5fd3-64c8-44a1-b34a-f1899c659690 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=791730d1-5365-41da-bf3e-2b41bc449b97 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=New@**Xc ]Ɋ& !Xc F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9523bd3b-5fc5-43fc-887e-15c9bdf47164 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pc ]Ɋ& !Xc F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9523bd3b-5fc5-43fc-887e-15c9bdf47164 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hc ]Ɋ& !Xc F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9523bd3b-5fc5-43fc-887e-15c9bdf47164 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mh**`c ]Ɋ& !Xc F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9523bd3b-5fc5-43fc-887e-15c9bdf47164 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`c ]Ɋ& !Xc F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9523bd3b-5fc5-43fc-887e-15c9bdf47164 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e`**hc ]Ɋ& !Xc F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9523bd3b-5fc5-43fc-887e-15c9bdf47164 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPh**c ]Ɋ&  !c F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9523bd3b-5fc5-43fc-887e-15c9bdf47164 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6b6c8154-5513-4238-9f0a-499e8ba682c7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**c ]Ɋ& !c F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9523bd3b-5fc5-43fc-887e-15c9bdf47164 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6b6c8154-5513-4238-9f0a-499e8ba682c7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **8# ]Ɋ& !X# F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=10f1f009-00f2-4b0a-9a2c-e43088a95cdd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ue8**P# ]Ɋ& !X# F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=10f1f009-00f2-4b0a-9a2c-e43088a95cdd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==SP**P# ]Ɋ& !X# F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=10f1f009-00f2-4b0a-9a2c-e43088a95cdd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPP**H# ]Ɋ& !X# F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=10f1f009-00f2-4b0a-9a2c-e43088a95cdd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==FunH**H# ]Ɋ& !X# F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=10f1f009-00f2-4b0a-9a2c-e43088a95cdd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ProvH**H# ]Ɋ& !X# F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=10f1f009-00f2-4b0a-9a2c-e43088a95cdd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eSH**# ]Ɋ& !# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=10f1f009-00f2-4b0a-9a2c-e43088a95cdd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=37f0c842-c9de-4abb-a77b-f8a7b4259407 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lab**# ]Ɋ& !# F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=10f1f009-00f2-4b0a-9a2c-e43088a95cdd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=37f0c842-c9de-4abb-a77b-f8a7b4259407 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**X& ]Ɋ& !X& F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8f597c41-deb2-4798-a690-cb3d2536a908 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pX**p& ]Ɋ& !X& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8f597c41-deb2-4798-a690-cb3d2536a908 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Cp**h& ]Ɋ& !X& F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8f597c41-deb2-4798-a690-cb3d2536a908 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 h EngineVersi ]Ɋ&  X& F&CommandPath= CommandLine= @riptName=  ]Ɋ& X'p F&XuJ F&]Ɋ& meX F&e=ElfChnkXVSX>`Mu=VysMc&&**h& ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! E!X& F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8f597c41-deb2-4798-a690-cb3d2536a908 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sioh**`& ]Ɋ& !X& F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8f597c41-deb2-4798-a690-cb3d2536a908 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cu`**`& ]Ɋ& !X& F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8f597c41-deb2-4798-a690-cb3d2536a908 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@`**& ]Ɋ& !& F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8f597c41-deb2-4798-a690-cb3d2536a908 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=03e3caab-8c37-4ab6-9ed0-0bb351b62f87 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **& ]Ɋ& !& F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8f597c41-deb2-4798-a690-cb3d2536a908 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=03e3caab-8c37-4ab6-9ed0-0bb351b62f87 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**(& ]Ɋ& !X& F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=aa41260a-debe-4041-885a-35d9ba43b31f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a(**@& ]Ɋ& !X& F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=aa41260a-debe-4041-885a-35d9ba43b31f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m@**@& ]Ɋ& !X& F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=aa41260a-debe-4041-885a-35d9ba43b31f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C@**8& ]Ɋ& !X& F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=aa41260a-debe-4041-885a-35d9ba43b31f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n-U8**8& ]Ɋ& !X& F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=aa41260a-debe-4041-885a-35d9ba43b31f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion8**8& ]Ɋ& !X& F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=aa41260a-debe-4041-885a-35d9ba43b31f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=RE8**& ]Ɋ& !& F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=aa41260a-debe-4041-885a-35d9ba43b31f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=5dba2fcc-28fc-4320-a0fa-5de467c9df63 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**S ]Ɋ& !S F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=aa41260a-debe-4041-885a-35d9ba43b31f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=5dba2fcc-28fc-4320-a0fa-5de467c9df63 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ider**X4 ]Ɋ& !X4 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=86a052cf-e973-4d71-99cf-4505c16d5137 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**p4 ]Ɋ& !X4 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=86a052cf-e973-4d71-99cf-4505c16d5137 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**p4 ]Ɋ& !X4 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=86a052cf-e973-4d71-99cf-4505c16d5137 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h4 ]Ɋ& !X4 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=86a052cf-e973-4d71-99cf-4505c16d5137 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sth**h4 ]Ɋ& !X4 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=86a052cf-e973-4d71-99cf-4505c16d5137 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Seqh**h4 ]Ɋ& !X4 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=86a052cf-e973-4d71-99cf-4505c16d5137 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=21h**4 ]Ɋ&  !4 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=86a052cf-e973-4d71-99cf-4505c16d5137 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b0dadecd-d3e4-44d2-b3e2-83603abf8232 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **{ ]Ɋ& !{ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=86a052cf-e973-4d71-99cf-4505c16d5137 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b0dadecd-d3e4-44d2-b3e2-83603abf8232 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=base**a ]Ɋ& '!Xa F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c8d62312-ba98-4f39-a621-a3555cfef3af HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**a ]Ɋ& ?!Xa F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c8d62312-ba98-4f39-a621-a3555cfef3af HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=B**a ]Ɋ& ;!Xa F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c8d62312-ba98-4f39-a621-a3555cfef3af HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eVe**a ]Ɋ& 3!Xa F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c8d62312-ba98-4f39-a621-a3555cfef3af HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=F**a ]Ɋ& 3!Xa F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c8d62312-ba98-4f39-a621-a3555cfef3af HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ers**a ]Ɋ& 5!Xa F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c8d62312-ba98-4f39-a621-a3555cfef3af HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP**0a ]Ɋ& !a F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c8d62312-ba98-4f39-a621-a3555cfef3af HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=ebcb4ec8-fd67-4e9e-9b26-812373728599 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=490**@ ]Ɋ& ! F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c8d62312-ba98-4f39-a621-a3555cfef3af HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=ebcb4ec8-fd67-4e9e-9b26-812373728599 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed @**Ct ]Ɋ& )!XCt F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=58786149-08a6-41e5-8426-7a3e8e3195c6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Ct ]Ɋ& A!XCt F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=58786149-08a6-41e5-8426-7a3e8e3195c6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Ct ]Ɋ& =!XCt F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=58786149-08a6-41e5-8426-7a3e8e3195c6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **Ct ]Ɋ& 5!XCt F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=58786149-08a6-41e5-8426-7a3e8e3195c6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**Ct ]Ɋ& 5!XCt F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=58786149-08a6-41e5-8426-7a3e8e3195c6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pr**Ct ]Ɋ& 7!XCt F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=58786149-08a6-41e5-8426-7a3e8e3195c6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**0Ct ]Ɋ& !Ct F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=58786149-08a6-41e5-8426-7a3e8e3195c6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8eabc712-ea77-4bc0-9de2-ca89535886ca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@t ]Ɋ& !t F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=58786149-08a6-41e5-8426-7a3e8e3195c6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8eabc712-ea77-4bc0-9de2-ca89535886ca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==95@**Xtu ]Ɋ& !Xtu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0b934392-b948-40f8-8293-da5366974162 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ConX**ptu ]Ɋ& !Xtu F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0b934392-b948-40f8-8293-da5366974162 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVp**htu ]Ɋ& !Xtu F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0b934392-b948-40f8-8293-da5366974162 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Hh**`tu ]Ɋ& !Xtu F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0b934392-b948-40f8-8293-da5366974162 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0`**` tu ]Ɋ& !Xtu  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0b934392-b948-40f8-8293-da5366974162 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a`**h tu ]Ɋ& !Xtu  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0b934392-b948-40f8-8293-da5366974162 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8a95h** tu ]Ɋ&  !tu  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0b934392-b948-40f8-8293-da5366974162 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=aa27412a-4ed7-4c38-a73b-7aa92bfee29b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=us |** tu ]Ɋ& !tu  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0b934392-b948-40f8-8293-da5366974162 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=aa27412a-4ed7-4c38-a73b-7aa92bfee29b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sE**8 tu ]Ɋ& !Xtu  F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6953d46b-1082-4465-bb10-9aca610ebc93 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=el8**Ptu ]Ɋ& !Xtu F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6953d46b-1082-4465-bb10-9aca610ebc93 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=liP**Ptu ]Ɋ& !Xtu F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6953d46b-1082-4465-bb10-9aca610ebc93 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=36a9P**Htu ]Ɋ& !Xtu F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6953d46b-1082-4465-bb10-9aca610ebc93 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH]Ɋ& ]Ɋ& Xtu ElfChnkAAHӢ'r5Mu=VysMc&&**Htu ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! )!Xtu F&F%g>9{p(xlMD EventDatauoData !BinaryvRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6953d46b-1082-4465-bb10-9aca610ebc93 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mH**Htu ]Ɋ& !Xtu F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6953d46b-1082-4465-bb10-9aca610ebc93 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmaH**tu ]Ɋ& !tu F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6953d46b-1082-4465-bb10-9aca610ebc93 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6bb7d284-76bd-4671-9240-8228f933c006 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**D v ]Ɋ& !D v F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6953d46b-1082-4465-bb10-9aca610ebc93 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6bb7d284-76bd-4671-9240-8228f933c006 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**XD v ]Ɋ& !XD v F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e601370d-5995-40c8-9335-51aba4cbbf3b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ComX**pD v ]Ɋ& !XD v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e601370d-5995-40c8-9335-51aba4cbbf3b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allep**hD v ]Ɋ& !XD v F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e601370d-5995-40c8-9335-51aba4cbbf3b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='ih**`D v ]Ɋ& !XD v F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e601370d-5995-40c8-9335-51aba4cbbf3b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ow`**`D v ]Ɋ& !XD v F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e601370d-5995-40c8-9335-51aba4cbbf3b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`D v ]Ɋ& !XD v F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e601370d-5995-40c8-9335-51aba4cbbf3b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**D v ]Ɋ& !D v F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e601370d-5995-40c8-9335-51aba4cbbf3b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ad25ad6e-df03-4fc9-893b-e893dadf4698 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**D v ]Ɋ& !D v F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e601370d-5995-40c8-9335-51aba4cbbf3b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ad25ad6e-df03-4fc9-893b-e893dadf4698 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **(D v ]Ɋ& !XD v F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e72a87a4-7bc3-43aa-ae94-49ec72e208a7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f(**@D v ]Ɋ& !XD v F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e72a87a4-7bc3-43aa-ae94-49ec72e208a7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n@**@D v ]Ɋ& !XD v F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e72a87a4-7bc3-43aa-ae94-49ec72e208a7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e]:@**8 D v ]Ɋ& !XD v  F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e72a87a4-7bc3-43aa-ae94-49ec72e208a7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tal8**8!D v ]Ɋ& !XD v! F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e72a87a4-7bc3-43aa-ae94-49ec72e208a7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.08**8"D v ]Ɋ& !XD v" F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e72a87a4-7bc3-43aa-ae94-49ec72e208a7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**#D v ]Ɋ& !D v# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e72a87a4-7bc3-43aa-ae94-49ec72e208a7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=190561bd-dca9-4140-b9ba-3f8244774f79 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **$q>w ]Ɋ& !q>w$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e72a87a4-7bc3-43aa-ae94-49ec72e208a7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=190561bd-dca9-4140-b9ba-3f8244774f79 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=trin**X%w ]Ɋ& !Xw% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=903b77c2-9931-49bf-8ce9-40d68422c2a9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p&w ]Ɋ& !Xw& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=903b77c2-9931-49bf-8ce9-40d68422c2a9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**p'w ]Ɋ& !Xw' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=903b77c2-9931-49bf-8ce9-40d68422c2a9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Culp**h(w ]Ɋ& !Xw( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=903b77c2-9931-49bf-8ce9-40d68422c2a9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Obh**h)w ]Ɋ& !Xw) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=903b77c2-9931-49bf-8ce9-40d68422c2a9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Pih**h*w ]Ɋ& !Xw* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=903b77c2-9931-49bf-8ce9-40d68422c2a9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ath**+w ]Ɋ&  !w+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=903b77c2-9931-49bf-8ce9-40d68422c2a9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bb9851df-1214-4a0b-a086-22516ffb2f79 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**,5y ]Ɋ& !5y, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=903b77c2-9931-49bf-8ce9-40d68422c2a9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bb9851df-1214-4a0b-a086-22516ffb2f79 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ame=**-5y ]Ɋ& '!X5y- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a7eae9ad-cbd8-46c6-983f-a7518bd08f8a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **.5y ]Ɋ& ?!X5y. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a7eae9ad-cbd8-46c6-983f-a7518bd08f8a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**/5y ]Ɋ& ;!X5y/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a7eae9ad-cbd8-46c6-983f-a7518bd08f8a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed**05y ]Ɋ& 3!X5y0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a7eae9ad-cbd8-46c6-983f-a7518bd08f8a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=th **15y ]Ɋ& 3!X5y1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a7eae9ad-cbd8-46c6-983f-a7518bd08f8a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rov**25y ]Ɋ& 5!X5y2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a7eae9ad-cbd8-46c6-983f-a7518bd08f8a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=En**035y ]Ɋ& !5y3 F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a7eae9ad-cbd8-46c6-983f-a7518bd08f8a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=59f3c3ef-c46e-47a0-b310-218290b33bc2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=en0**@4ˠy ]Ɋ& !ˠy4 F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a7eae9ad-cbd8-46c6-983f-a7518bd08f8a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=59f3c3ef-c46e-47a0-b310-218290b33bc2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-ca8@**5I ]Ɋ& )!XI5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f5501ab1-7ba7-4900-843a-28440ed82f33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayNa**6I ]Ɋ& A!XI6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f5501ab1-7ba7-4900-843a-28440ed82f33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pace**7I ]Ɋ& =!XI7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f5501ab1-7ba7-4900-843a-28440ed82f33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=da**8I ]Ɋ& 5!XI8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f5501ab1-7ba7-4900-843a-28440ed82f33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C**9I ]Ɋ& 5!XI9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f5501ab1-7ba7-4900-843a-28440ed82f33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr**:I ]Ɋ& 7!XI: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f5501ab1-7ba7-4900-843a-28440ed82f33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0;I ]Ɋ& !I; F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f5501ab1-7ba7-4900-843a-28440ed82f33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4a4db62f-c2f6-42cc-9743-8b588b084b6c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@<v1 ]Ɋ& !v1< F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f5501ab1-7ba7-4900-843a-28440ed82f33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4a4db62f-c2f6-42cc-9743-8b588b084b6c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm@**X=v1 ]Ɋ& !Xv1= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=929ed7c5-0443-4b6c-bd53-3de8bbc9de7c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNaX**p>v1 ]Ɋ& !Xv1> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=929ed7c5-0443-4b6c-bd53-3de8bbc9de7c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNp**h?v1 ]Ɋ& !Xv1? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=929ed7c5-0443-4b6c-bd53-3de8bbc9de7c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**`@v1 ]Ɋ& !Xv1@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=929ed7c5-0443-4b6c-bd53-3de8bbc9de7c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`Av1 ]Ɋ& !Xv1A F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=929ed7c5-0443-4b6c-bd53-3de8bbc9de7c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==` FH] ]Ɋ& Xv1B F& ElfChnkBrBr)[9Mu=VysMc&&**hBv1 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! I!Xv1B F&F%g>9{p(xlMD EventDatauoData !BinaryVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=929ed7c5-0443-4b6c-bd53-3de8bbc9de7c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**Cv1 ]Ɋ&  !v1C F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=929ed7c5-0443-4b6c-bd53-3de8bbc9de7c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=11eb5e04-d5b3-427f-90dc-28d8f9bf81f2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**D  ]Ɋ& ! D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=929ed7c5-0443-4b6c-bd53-3de8bbc9de7c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=11eb5e04-d5b3-427f-90dc-28d8f9bf81f2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8E  ]Ɋ& !X E F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b6e8724d-de60-43d0-8d7f-2a789239b3da HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**PF  ]Ɋ& !X F F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b6e8724d-de60-43d0-8d7f-2a789239b3da HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**PG  ]Ɋ& !X G F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b6e8724d-de60-43d0-8d7f-2a789239b3da HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&P**HH  ]Ɋ& !X H F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b6e8724d-de60-43d0-8d7f-2a789239b3da HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**H**HI  ]Ɋ& !X I F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b6e8724d-de60-43d0-8d7f-2a789239b3da HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dLinH**HJ  ]Ɋ& !X J F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b6e8724d-de60-43d0-8d7f-2a789239b3da HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= H**K  ]Ɋ& ! K F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b6e8724d-de60-43d0-8d7f-2a789239b3da HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8b4be6dc-a9fa-43b0-a10a-ba7dd13c966e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**L  ]Ɋ& ! L F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b6e8724d-de60-43d0-8d7f-2a789239b3da HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8b4be6dc-a9fa-43b0-a10a-ba7dd13c966e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**XM  ]Ɋ& !X M F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f7800a71-de10-4103-a07b-378b3ffd59d8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=TypeX**pN  ]Ɋ& !X N F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f7800a71-de10-4103-a07b-378b3ffd59d8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| sep**hO  ]Ɋ& !X O F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f7800a71-de10-4103-a07b-378b3ffd59d8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=edh**`P  ]Ɋ& !X P F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f7800a71-de10-4103-a07b-378b3ffd59d8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l `**`Q  ]Ɋ& !X Q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f7800a71-de10-4103-a07b-378b3ffd59d8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Na`**`R  ]Ɋ& !X R F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f7800a71-de10-4103-a07b-378b3ffd59d8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**S  ]Ɋ& ! S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f7800a71-de10-4103-a07b-378b3ffd59d8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9748c259-489b-4b29-a788-8d402dcace79 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Tb ]Ɋ& !bT F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f7800a71-de10-4103-a07b-378b3ffd59d8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9748c259-489b-4b29-a788-8d402dcace79 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptN**(Ub ]Ɋ& !XbU F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ae77ba2c-2d04-495d-a105-327cf674dbcc HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p(**@Vb ]Ɋ& !XbV F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ae77ba2c-2d04-495d-a105-327cf674dbcc HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==@**@Wb ]Ɋ& !XbW F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ae77ba2c-2d04-495d-a105-327cf674dbcc HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e($@**8Xb ]Ɋ& !XbX F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ae77ba2c-2d04-495d-a105-327cf674dbcc HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HK8**8Yb ]Ɋ& !XbY F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ae77ba2c-2d04-495d-a105-327cf674dbcc HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stI8**8Zb ]Ɋ& !XbZ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ae77ba2c-2d04-495d-a105-327cf674dbcc HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**[b ]Ɋ& !b[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ae77ba2c-2d04-495d-a105-327cf674dbcc HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ebc98f99-b7b0-4bcd-a377-f3d3e2618cd4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=an**\: ]Ɋ& !:\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ae77ba2c-2d04-495d-a105-327cf674dbcc HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ebc98f99-b7b0-4bcd-a377-f3d3e2618cd4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**X]g, ]Ɋ& !Xg,] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=22c3ebb8-6e4a-47df-aebb-35f9514b716f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iX**p^g, ]Ɋ& !Xg,^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=22c3ebb8-6e4a-47df-aebb-35f9514b716f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**p_g, ]Ɋ& !Xg,_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=22c3ebb8-6e4a-47df-aebb-35f9514b716f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nfop**h`g, ]Ɋ& !Xg,` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=22c3ebb8-6e4a-47df-aebb-35f9514b716f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Insh**hag, ]Ɋ& !Xg,a F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=22c3ebb8-6e4a-47df-aebb-35f9514b716f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eIdh**hbg, ]Ɋ& !Xg,b F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=22c3ebb8-6e4a-47df-aebb-35f9514b716f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omh**cg, ]Ɋ&  !g,c F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=22c3ebb8-6e4a-47df-aebb-35f9514b716f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=70502d55-5636-4b18-a9b6-629fde6c1e67 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**d ]Ɋ& !d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=22c3ebb8-6e4a-47df-aebb-35f9514b716f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=70502d55-5636-4b18-a9b6-629fde6c1e67 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oleH**e ]Ɋ& '!Xe F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f83c1aee-4737-4d4d-8452-35788fe3584b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**f ]Ɋ& ?!Xf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f83c1aee-4737-4d4d-8452-35788fe3584b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v**g ]Ɋ& ;!Xg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f83c1aee-4737-4d4d-8452-35788fe3584b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ide**h ]Ɋ& 3!Xh F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f83c1aee-4737-4d4d-8452-35788fe3584b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **i ]Ɋ& 3!Xi F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f83c1aee-4737-4d4d-8452-35788fe3584b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ame**j ]Ɋ& 5!Xj F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f83c1aee-4737-4d4d-8452-35788fe3584b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rs**0k ]Ɋ& !k F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f83c1aee-4737-4d4d-8452-35788fe3584b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4fa8168d-6674-48dd-b8b0-639d252f933a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er0**@l* ]Ɋ& !*l F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f83c1aee-4737-4d4d-8452-35788fe3584b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4fa8168d-6674-48dd-b8b0-639d252f933a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=84b6@**m.VW ]Ɋ& )!X.VWm F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=36523527-a77c-4c86-bd65-f463cbc71125 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=prod**n.VW ]Ɋ& A!X.VWn F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=36523527-a77c-4c86-bd65-f463cbc71125 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t/Se**o.VW ]Ɋ& =!X.VWo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=36523527-a77c-4c86-bd65-f463cbc71125 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=de**p.VW ]Ɋ& 5!X.VWp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=36523527-a77c-4c86-bd65-f463cbc71125 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**q.VW ]Ɋ& 5!X.VWq F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=36523527-a77c-4c86-bd65-f463cbc71125 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP**r.VW ]Ɋ& 7!X.VWr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=36523527-a77c-4c86-bd65-f463cbc71125 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnkssAºrMu=VysMc&&**8sW ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !Ws F&F%g>9{p(xlMD EventDatauoData !BinarydAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=36523527-a77c-4c86-bd65-f463cbc71125 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=63a7b921-8e69-4e8e-85b7-4ddf233dc6b5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dP8**@t[W ]Ɋ& ![Wt F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=36523527-a77c-4c86-bd65-f463cbc71125 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=63a7b921-8e69-4e8e-85b7-4ddf233dc6b5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=neI@**Xu[W ]Ɋ& !X[Wu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3f97a576-bdd5-45fb-a154-9d0c25e555e5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nspX**pv[W ]Ɋ& !X[Wv F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3f97a576-bdd5-45fb-a154-9d0c25e555e5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=p**hw[W ]Ɋ& !X[Ww F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3f97a576-bdd5-45fb-a154-9d0c25e555e5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ih**`x[W ]Ɋ& !X[Wx F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3f97a576-bdd5-45fb-a154-9d0c25e555e5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l`**`y[W ]Ɋ& !X[Wy F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3f97a576-bdd5-45fb-a154-9d0c25e555e5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m`**hz[W ]Ɋ& !X[Wz F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3f97a576-bdd5-45fb-a154-9d0c25e555e5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Commh**{[W ]Ɋ&  ![W{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3f97a576-bdd5-45fb-a154-9d0c25e555e5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5f17f238-d78e-45b6-a0e8-9d91b27f7de2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**|W ]Ɋ& !W| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3f97a576-bdd5-45fb-a154-9d0c25e555e5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5f17f238-d78e-45b6-a0e8-9d91b27f7de2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8}W ]Ɋ& !XW} F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5e151631-150a-47d6-a5e4-3a95afa8ff27 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me8**P~W ]Ɋ& !XW~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5e151631-150a-47d6-a5e4-3a95afa8ff27 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=amP**PW ]Ɋ& !XW F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5e151631-150a-47d6-a5e4-3a95afa8ff27 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=andTP**HW ]Ɋ& !XW F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5e151631-150a-47d6-a5e4-3a95afa8ff27 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommaH**HW ]Ɋ& !XW F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5e151631-150a-47d6-a5e4-3a95afa8ff27 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=elinH**HW ]Ɋ& !XW F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5e151631-150a-47d6-a5e4-3a95afa8ff27 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceIH**W ]Ɋ& !W F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5e151631-150a-47d6-a5e4-3a95afa8ff27 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f24271db-de07-4fff-a5d1-51e11d7bcf20 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndN**W ]Ɋ& !W F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5e151631-150a-47d6-a5e4-3a95afa8ff27 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f24271db-de07-4fff-a5d1-51e11d7bcf20 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **XW ]Ɋ& !XW F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a6536562-8efc-4042-89e0-3cae6ef301a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==974X**pW ]Ɋ& !XW F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a6536562-8efc-4042-89e0-3cae6ef301a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izatp**hW ]Ɋ& !XW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a6536562-8efc-4042-89e0-3cae6ef301a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=seh**`W ]Ɋ& !XW F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a6536562-8efc-4042-89e0-3cae6ef301a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0`**`W ]Ɋ& !XW F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a6536562-8efc-4042-89e0-3cae6ef301a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ov`**`W ]Ɋ& !XW F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a6536562-8efc-4042-89e0-3cae6ef301a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**W ]Ɋ& !W F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a6536562-8efc-4042-89e0-3cae6ef301a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=be5a9760-5309-4ce9-ae0c-308b3a5b1d00 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**W ]Ɋ& !W F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a6536562-8efc-4042-89e0-3cae6ef301a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=be5a9760-5309-4ce9-ae0c-308b3a5b1d00 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ine**(W ]Ɋ& !XW F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=54c1a380-f927-412b-9444-7d55a48a45f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@W ]Ɋ& !XW F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=54c1a380-f927-412b-9444-7d55a48a45f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o@**@W ]Ɋ& !XW F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=54c1a380-f927-412b-9444-7d55a48a45f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=spl@**8W ]Ɋ& !XW F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=54c1a380-f927-412b-9444-7d55a48a45f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tur8**8W ]Ɋ& !XW F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=54c1a380-f927-412b-9444-7d55a48a45f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sta8**8W ]Ɋ& !XW F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=54c1a380-f927-412b-9444-7d55a48a45f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**W ]Ɋ& !W F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=54c1a380-f927-412b-9444-7d55a48a45f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=cc20cf5d-58da-407e-9dce-f3a32c90f469 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ru**QX ]Ɋ& !QX F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=54c1a380-f927-412b-9444-7d55a48a45f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=cc20cf5d-58da-407e-9dce-f3a32c90f469 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion.**XX ]Ɋ& !XX F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b1b979e7-eb18-4618-b07d-47a4d6d29133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=aX**pX ]Ɋ& !XX F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b1b979e7-eb18-4618-b07d-47a4d6d29133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=zp**pX ]Ɋ& !XX F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b1b979e7-eb18-4618-b07d-47a4d6d29133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tiep**hX ]Ɋ& !XX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b1b979e7-eb18-4618-b07d-47a4d6d29133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eInh**hX ]Ɋ& !XX F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b1b979e7-eb18-4618-b07d-47a4d6d29133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sorh**hX ]Ɋ& !XX F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b1b979e7-eb18-4618-b07d-47a4d6d29133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**X ]Ɋ&  !X F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b1b979e7-eb18-4618-b07d-47a4d6d29133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e4ed675d-8735-4d91-bb56-495874832ddf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**yX ]Ɋ& !yX F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b1b979e7-eb18-4618-b07d-47a4d6d29133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e4ed675d-8735-4d91-bb56-495874832ddf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Var**yX ]Ɋ& '!XyX F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9d00c0d0-dfac-4d7c-81d7-a46a9c5092f5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**yX ]Ɋ& ?!XyX F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9d00c0d0-dfac-4d7c-81d7-a46a9c5092f5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**yX ]Ɋ& ;!XyX F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9d00c0d0-dfac-4d7c-81d7-a46a9c5092f5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**yX ]Ɋ& 3!XyX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9d00c0d0-dfac-4d7c-81d7-a46a9c5092f5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wer**yX ]Ɋ& 3!XyX F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9d00c0d0-dfac-4d7c-81d7-a46a9c5092f5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**yX ]Ɋ& 5!XyX F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9d00c0d0-dfac-4d7c-81d7-a46a9c5092f5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-tFirewallPro ]Ɋ& 35yX F&d= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP**r.VW ]Ɋ& 7!X.VWr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=36523527-a77c-4c86-bd65-f463cbc71125 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnkH2СHMu=VysMc&&**8 yX ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !yX F&F%g>9{p(xlMD EventDatauoData !BinarybAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9d00c0d0-dfac-4d7c-81d7-a46a9c5092f5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=cd89cad9-31de-4e4b-a018-d6e1b813cc91 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7-a8 **@X ]Ɋ& !X F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9d00c0d0-dfac-4d7c-81d7-a46a9c5092f5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=cd89cad9-31de-4e4b-a018-d6e1b813cc91 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Scri@**, ]Ɋ& )!X, F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=404a2be1-61c6-4400-b234-51582c62945e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eng**, ]Ɋ& A!X, F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=404a2be1-61c6-4400-b234-51582c62945e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uct **, ]Ɋ& =!X, F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=404a2be1-61c6-4400-b234-51582c62945e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **, ]Ɋ& 5!X, F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=404a2be1-61c6-4400-b234-51582c62945e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fb**, ]Ɋ& 5!X, F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=404a2be1-61c6-4400-b234-51582c62945e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**, ]Ɋ& 7!X, F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=404a2be1-61c6-4400-b234-51582c62945e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**0, ]Ɋ& !, F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=404a2be1-61c6-4400-b234-51582c62945e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a577c1c0-e846-4484-a6eb-5687cfb5fcf0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@&^ ]Ɋ& !&^ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=404a2be1-61c6-4400-b234-51582c62945e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a577c1c0-e846-4484-a6eb-5687cfb5fcf0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Lin@**X&^ ]Ɋ& !X&^ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0b76ba07-91dd-45c7-886d-d8948a96b08a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=~X**p&^ ]Ɋ& !X&^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0b76ba07-91dd-45c7-886d-d8948a96b08a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h&^ ]Ɋ& !X&^ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0b76ba07-91dd-45c7-886d-d8948a96b08a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`&^ ]Ɋ& !X&^ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0b76ba07-91dd-45c7-886d-d8948a96b08a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`&^ ]Ɋ& !X&^ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0b76ba07-91dd-45c7-886d-d8948a96b08a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h&^ ]Ɋ& !X&^ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0b76ba07-91dd-45c7-886d-d8948a96b08a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Wh**&^ ]Ɋ&  !&^ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0b76ba07-91dd-45c7-886d-d8948a96b08a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=46cb79aa-e288-4f62-8787-df4c2b61afba PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0b76ba07-91dd-45c7-886d-d8948a96b08a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=46cb79aa-e288-4f62-8787-df4c2b61afba PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ar**8 ]Ɋ& !X F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c18211a8-50c8-4937-b72c-b55ac8ea825d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c18211a8-50c8-4937-b72c-b55ac8ea825d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P ]Ɋ& !X F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c18211a8-50c8-4937-b72c-b55ac8ea825d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!P**H ]Ɋ& !X F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c18211a8-50c8-4937-b72c-b55ac8ea825d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H ]Ɋ& !X F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c18211a8-50c8-4937-b72c-b55ac8ea825d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H ]Ɋ& !X F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c18211a8-50c8-4937-b72c-b55ac8ea825d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c18211a8-50c8-4937-b72c-b55ac8ea825d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0a3db7a4-0f7e-4d96-a173-8eb033f12ba7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c18211a8-50c8-4937-b72c-b55ac8ea825d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0a3db7a4-0f7e-4d96-a173-8eb033f12ba7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=66c34df8-38a0-4d36-a5ba-eb9a2e55f87c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=66c34df8-38a0-4d36-a5ba-eb9a2e55f87c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ureIp**h ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=66c34df8-38a0-4d36-a5ba-eb9a2e55f87c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sth**` ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=66c34df8-38a0-4d36-a5ba-eb9a2e55f87c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a3`**` ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=66c34df8-38a0-4d36-a5ba-eb9a2e55f87c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr`**` ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=66c34df8-38a0-4d36-a5ba-eb9a2e55f87c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=66c34df8-38a0-4d36-a5ba-eb9a2e55f87c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=adfd5897-edd9-4ca7-8707-d5d97561ee31 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N**S ]Ɋ& !S F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=66c34df8-38a0-4d36-a5ba-eb9a2e55f87c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=adfd5897-edd9-4ca7-8707-d5d97561ee31 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= R**(S ]Ɋ& !XS F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d20e9521-bc1d-4ffb-8a80-2f34bb0ccd8c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l(**@S ]Ɋ& !XS F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d20e9521-bc1d-4ffb-8a80-2f34bb0ccd8c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p@**@S ]Ɋ& !XS F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d20e9521-bc1d-4ffb-8a80-2f34bb0ccd8c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=KLM@**8S ]Ɋ& !XS F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d20e9521-bc1d-4ffb-8a80-2f34bb0ccd8c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=enc8**8S ]Ɋ& !XS F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d20e9521-bc1d-4ffb-8a80-2f34bb0ccd8c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8S ]Ɋ& !XS F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d20e9521-bc1d-4ffb-8a80-2f34bb0ccd8c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=558**S ]Ɋ& !S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d20e9521-bc1d-4ffb-8a80-2f34bb0ccd8c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=dad9e88f-ebc0-4375-984b-df275e52371b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=']**' ]Ɋ& !' F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d20e9521-bc1d-4ffb-8a80-2f34bb0ccd8c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=dad9e88f-ebc0-4375-984b-df275e52371b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yNam**XY ]Ɋ& !XY F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cb889042-4c35-4064-b46a-81956d0318c0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=DX**pY ]Ɋ& !XY F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cb889042-4c35-4064-b46a-81956d0318c0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**pY ]Ɋ& !XY F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cb889042-4c35-4064-b46a-81956d0318c0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n,Hp**hY ]Ɋ& !XY F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cb889042-4c35-4064-b46a-81956d0318c0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=_.ph**hY ]Ɋ& !XY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cb889042-4c35-4064-b46a-81956d0318c0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Culh**hY ]Ɋ& !XY F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cb889042-4c35-4064-b46a-81956d0318c0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Sh**Y ]Ɋ&  !Y F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cb889042-4c35-4064-b46a-81956d0318c0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2f7d7949-9a0c-4e71-b39b-cf2ea3813f25 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pe** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cb889042-4c35-4064-b46a-81956d0318c0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2f7d7949-9a0c-4e71-b39b-cf2ea3813f25 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=35yX ]Ɋ&  CX F&ommandPath= CommandLine=wP**r.VW ]Ɋ& 7!X.VWr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=36523527-a77c-4c86-bd65-f463cbc71125 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnk(\bDzMu=VysMc&&**  ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3186b1f4-1400-446e-8302-3bfecf512ebd HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ** ]Ɋ& ?!X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3186b1f4-1400-446e-8302-3bfecf512ebd HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P** ]Ɋ& ;!X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3186b1f4-1400-446e-8302-3bfecf512ebd HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d ** ]Ɋ& 3!X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3186b1f4-1400-446e-8302-3bfecf512ebd HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id=** ]Ɋ& 3!X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3186b1f4-1400-446e-8302-3bfecf512ebd HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=enc** ]Ɋ& 5!X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3186b1f4-1400-446e-8302-3bfecf512ebd HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=**0 ]Ɋ& ! F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3186b1f4-1400-446e-8302-3bfecf512ebd HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=b82aee44-0a45-48ef-a475-f99ed658cb50 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==10**@" ]Ɋ& !" F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3186b1f4-1400-446e-8302-3bfecf512ebd HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=b82aee44-0a45-48ef-a475-f99ed658cb50 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on= @**P ]Ɋ& )!XP F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=73701a34-21dc-4e0a-a528-51d412c13757 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oduc**P ]Ɋ& A!XP F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=73701a34-21dc-4e0a-a528-51d412c13757 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nsta**P ]Ɋ& =!XP F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=73701a34-21dc-4e0a-a528-51d412c13757 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c7**P ]Ɋ& 5!XP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=73701a34-21dc-4e0a-a528-51d412c13757 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**P ]Ɋ& 5!XP F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=73701a34-21dc-4e0a-a528-51d412c13757 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**P ]Ɋ& 7!XP F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=73701a34-21dc-4e0a-a528-51d412c13757 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0P ]Ɋ& !P F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=73701a34-21dc-4e0a-a528-51d412c13757 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e0263b8a-fd0e-4d8c-8347-3150d336e8af PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==0**@"Q ]Ɋ& !"Q F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=73701a34-21dc-4e0a-a528-51d412c13757 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e0263b8a-fd0e-4d8c-8347-3150d336e8af PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mma@**X"Q ]Ɋ& !X"Q F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6f77dd79-ed58-48a6-b299-512fb72314d4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manX**p"Q ]Ɋ& !X"Q F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6f77dd79-ed58-48a6-b299-512fb72314d4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNp**h"Q ]Ɋ& !X"Q F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6f77dd79-ed58-48a6-b299-512fb72314d4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dh**`"Q ]Ɋ& !X"Q F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6f77dd79-ed58-48a6-b299-512fb72314d4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m`**`"Q ]Ɋ& !X"Q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6f77dd79-ed58-48a6-b299-512fb72314d4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h"Q ]Ɋ& !X"Q F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6f77dd79-ed58-48a6-b299-512fb72314d4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**"Q ]Ɋ&  !"Q F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6f77dd79-ed58-48a6-b299-512fb72314d4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=283740ac-d4f6-4008-a40f-ed34db93c191 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**"Q ]Ɋ& !"Q F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6f77dd79-ed58-48a6-b299-512fb72314d4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=283740ac-d4f6-4008-a40f-ed34db93c191 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8R ]Ɋ& !XR F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=08437452-e77a-49ec-a734-40491be66f73 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**PR ]Ɋ& !XR F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=08437452-e77a-49ec-a734-40491be66f73 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**PR ]Ɋ& !XR F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=08437452-e77a-49ec-a734-40491be66f73 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stP**HR ]Ɋ& !XR F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=08437452-e77a-49ec-a734-40491be66f73 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmanH**HR ]Ɋ& !XR F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=08437452-e77a-49ec-a734-40491be66f73 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndPaH**HR ]Ɋ& !XR F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=08437452-e77a-49ec-a734-40491be66f73 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ameH**R ]Ɋ& !R F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=08437452-e77a-49ec-a734-40491be66f73 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=03748201-34e8-40a6-a96a-fb18d5f0012e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **R ]Ɋ& !R F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=08437452-e77a-49ec-a734-40491be66f73 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=03748201-34e8-40a6-a96a-fb18d5f0012e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **XR ]Ɋ& !XR F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1a112de3-a25a-4ce7-925b-6b4740e6e511 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sortX**pR ]Ɋ& !XR F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1a112de3-a25a-4ce7-925b-6b4740e6e511 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=se.pp**hR ]Ɋ& !XR F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1a112de3-a25a-4ce7-925b-6b4740e6e511 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cah**`R ]Ɋ& !XR F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1a112de3-a25a-4ce7-925b-6b4740e6e511 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um`**`R ]Ɋ& !XR F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1a112de3-a25a-4ce7-925b-6b4740e6e511 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S`**`R ]Ɋ& !XR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1a112de3-a25a-4ce7-925b-6b4740e6e511 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**R ]Ɋ& !R F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1a112de3-a25a-4ce7-925b-6b4740e6e511 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f795954d-3847-472b-a582-e21b464e9839 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=R**R ]Ɋ& !R F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1a112de3-a25a-4ce7-925b-6b4740e6e511 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f795954d-3847-472b-a582-e21b464e9839 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=obj**(O"S ]Ɋ& !XO"S F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1e6c28db-42cd-412f-a565-34f6619abc31 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(**@O"S ]Ɋ& !XO"S F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1e6c28db-42cd-412f-a565-34f6619abc31 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c@**@O"S ]Ɋ& !XO"S F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1e6c28db-42cd-412f-a565-34f6619abc31 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=195@**8O"S ]Ɋ& !XO"S F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1e6c28db-42cd-412f-a565-34f6619abc31 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ted8**8O"S ]Ɋ& !XO"S F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1e6c28db-42cd-412f-a565-34f6619abc31 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tNa8**8O"S ]Ɋ& !XO"S F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1e6c28db-42cd-412f-a565-34f6619abc31 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ge8**O"S ]Ɋ& !O"S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1e6c28db-42cd-412f-a565-34f6619abc31 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=40c060b8-b541-46dc-bbf5-a097791c1360 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=al**S ]Ɋ& !S F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1e6c28db-42cd-412f-a565-34f6619abc31 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=40c060b8-b541-46dc-bbf5-a097791c1360 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=432N**XT ]Ɋ& !XT F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e98bfe15-8a99-4346-ac28-15d9deeecaa3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=EX**pT ]Ɋ& !XT F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e98bfe15-8a99-4346-ac28-15d9deeecaa3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cp**pT ]Ɋ& !XT F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e98bfe15-8a99-4346-ac28-15d9deeecaa3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=pnsoleHost  ]Ɋ& 5-XT F&n=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnk::'KeMu=VysMc&&**h T ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! K!XT F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e98bfe15-8a99-4346-ac28-15d9deeecaa3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h **h T ]Ɋ& !XT  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e98bfe15-8a99-4346-ac28-15d9deeecaa3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leSh**h T ]Ɋ& !XT  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e98bfe15-8a99-4346-ac28-15d9deeecaa3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Ch** T ]Ɋ&  !T  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e98bfe15-8a99-4346-ac28-15d9deeecaa3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6a58ccee-60db-4222-a877-f552c7f3e0a6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-** U ]Ɋ& !U  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e98bfe15-8a99-4346-ac28-15d9deeecaa3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6a58ccee-60db-4222-a877-f552c7f3e0a6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Inst** U ]Ɋ& '!XU  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0f916415-8bee-4da6-9241-02f97f6ffe9f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=,**U ]Ɋ& ?!XU F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0f916415-8bee-4da6-9241-02f97f6ffe9f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**U ]Ɋ& ;!XU F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0f916415-8bee-4da6-9241-02f97f6ffe9f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nab**U ]Ɋ& 3!XU F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0f916415-8bee-4da6-9241-02f97f6ffe9f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**U ]Ɋ& 3!XU F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0f916415-8bee-4da6-9241-02f97f6ffe9f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ble**U ]Ɋ& 5!XU F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0f916415-8bee-4da6-9241-02f97f6ffe9f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ab**0U ]Ɋ& !U F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0f916415-8bee-4da6-9241-02f97f6ffe9f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4ffa3281-9376-4856-8bce-38513b4debf5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ns0**@ֵV ]Ɋ& !ֵV F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0f916415-8bee-4da6-9241-02f97f6ffe9f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4ffa3281-9376-4856-8bce-38513b4debf5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=vide@**;j ]Ɋ& )!X;j F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7f10f68b-4825-46e9-991b-69ec9391935f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**;j ]Ɋ& A!X;j F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7f10f68b-4825-46e9-991b-69ec9391935f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Line**;j ]Ɋ& =!X;j F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7f10f68b-4825-46e9-991b-69ec9391935f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mm**;j ]Ɋ& 5!X;j F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7f10f68b-4825-46e9-991b-69ec9391935f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g **;j ]Ɋ& 5!X;j F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7f10f68b-4825-46e9-991b-69ec9391935f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Na**;j ]Ɋ& 7!X;j F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7f10f68b-4825-46e9-991b-69ec9391935f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**0;j ]Ɋ& !;j F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7f10f68b-4825-46e9-991b-69ec9391935f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2495fbe2-865d-4b35-9dbf-73f3fd7f1314 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f0**@=j ]Ɋ& !=j F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7f10f68b-4825-46e9-991b-69ec9391935f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2495fbe2-865d-4b35-9dbf-73f3fd7f1314 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=C@**XA>j ]Ɋ& !XA>j F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a0faf503-d9f9-4d35-b7c7-19255f2b3aa3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=artX**pA>j ]Ɋ& !XA>j F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a0faf503-d9f9-4d35-b7c7-19255f2b3aa3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceNp**hA>j ]Ɋ& !XA>j F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a0faf503-d9f9-4d35-b7c7-19255f2b3aa3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oh**` A>j ]Ɋ& !XA>j  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a0faf503-d9f9-4d35-b7c7-19255f2b3aa3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o`**`!A>j ]Ɋ& !XA>j! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a0faf503-d9f9-4d35-b7c7-19255f2b3aa3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s`**h"A>j ]Ɋ& !XA>j" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a0faf503-d9f9-4d35-b7c7-19255f2b3aa3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 h**#A>j ]Ɋ&  !A>j# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a0faf503-d9f9-4d35-b7c7-19255f2b3aa3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=432f47b9-89d0-4046-a992-0d5460821e2f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ppli**$A>j ]Ɋ& !A>j$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a0faf503-d9f9-4d35-b7c7-19255f2b3aa3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=432f47b9-89d0-4046-a992-0d5460821e2f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**8%A>j ]Ɋ& !XA>j% F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f6c408d7-5ce4-4f31-b850-80f8d2bbae98 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b-8**P&A>j ]Ɋ& !XA>j& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f6c408d7-5ce4-4f31-b850-80f8d2bbae98 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e3P**P'A>j ]Ɋ& !XA>j' F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f6c408d7-5ce4-4f31-b850-80f8d2bbae98 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HP**H(A>j ]Ɋ& !XA>j( F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f6c408d7-5ce4-4f31-b850-80f8d2bbae98 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tVerH**H)A>j ]Ɋ& !XA>j) F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f6c408d7-5ce4-4f31-b850-80f8d2bbae98 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leHoH**H*A>j ]Ɋ& !XA>j* F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f6c408d7-5ce4-4f31-b850-80f8d2bbae98 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stNH**+A>j ]Ɋ& !A>j+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f6c408d7-5ce4-4f31-b850-80f8d2bbae98 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2c706afc-9f47-4767-a416-03cc2006b13f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rsi**,>j ]Ɋ& !>j, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f6c408d7-5ce4-4f31-b850-80f8d2bbae98 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2c706afc-9f47-4767-a416-03cc2006b13f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**X->j ]Ɋ& !X>j- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=599a68e2-3af3-42f6-b742-03bfd8ca9458 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SX**p.>j ]Ɋ& !X>j. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=599a68e2-3af3-42f6-b742-03bfd8ca9458 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Op**h/>j ]Ɋ& !X>j/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=599a68e2-3af3-42f6-b742-03bfd8ca9458 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=meh**`0>j ]Ɋ& !X>j0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=599a68e2-3af3-42f6-b742-03bfd8ca9458 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| `**`1>j ]Ɋ& !X>j1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=599a68e2-3af3-42f6-b742-03bfd8ca9458 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ll`**`2>j ]Ɋ& !X>j2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=599a68e2-3af3-42f6-b742-03bfd8ca9458 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**3>j ]Ɋ& !>j3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=599a68e2-3af3-42f6-b742-03bfd8ca9458 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=da81694a-1d57-43c3-adfb-eca54e1b292f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**4>j ]Ɋ& !>j4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=599a68e2-3af3-42f6-b742-03bfd8ca9458 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=da81694a-1d57-43c3-adfb-eca54e1b292f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uen**(5>j ]Ɋ& !X>j5 F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b00da2cf-c102-401f-a2a8-8a1739ef731f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t(**@6>j ]Ɋ& !X>j6 F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b00da2cf-c102-401f-a2a8-8a1739ef731f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@7>j ]Ɋ& !X>j7 F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b00da2cf-c102-401f-a2a8-8a1739ef731f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mma@**88>j ]Ɋ& !X>j8 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b00da2cf-c102-401f-a2a8-8a1739ef731f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=liz8**89>j ]Ɋ& !X>j9 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b00da2cf-c102-401f-a2a8-8a1739ef731f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nin8**8:>j ]Ɋ& !X>j: F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b00da2cf-c102-401f-a2a8-8a1739ef731f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8F& ElfChnk;l;l@bvMu=VysMc&&** ;>j ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! m!>j; F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b00da2cf-c102-401f-a2a8-8a1739ef731f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=13ce94aa-3613-417e-bbfd-1d43e548d81d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sio **< @j ]Ɋ& ! @j< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b00da2cf-c102-401f-a2a8-8a1739ef731f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=13ce94aa-3613-417e-bbfd-1d43e548d81d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izat**X=Q@j ]Ɋ& !XQ@j= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3cd687a7-de64-4ce8-9015-c7e6fab76f20 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=GX**p>Q@j ]Ɋ& !XQ@j> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3cd687a7-de64-4ce8-9015-c7e6fab76f20 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bp**p?Q@j ]Ɋ& !XQ@j? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3cd687a7-de64-4ce8-9015-c7e6fab76f20 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=opep**h@Q@j ]Ɋ& !XQ@j@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3cd687a7-de64-4ce8-9015-c7e6fab76f20 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ltuh**hAQ@j ]Ɋ& !XQ@jA F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3cd687a7-de64-4ce8-9015-c7e6fab76f20 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5 |h**hBQ@j ]Ɋ& !XQ@jB F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3cd687a7-de64-4ce8-9015-c7e6fab76f20 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Idh**C**8]5 ]Ɋ& !X5] F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4fdc215a-6a87-4bb4-9486-7fbf029b7387 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pt8**P^5 ]Ɋ& !X5^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4fdc215a-6a87-4bb4-9486-7fbf029b7387 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ipP**P_5 ]Ɋ& !X5_ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4fdc215a-6a87-4bb4-9486-7fbf029b7387 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=CommP**H`5 ]Ɋ& !X5` F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4fdc215a-6a87-4bb4-9486-7fbf029b7387 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CH**Ha5 ]Ɋ& !X5a F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4fdc215a-6a87-4bb4-9486-7fbf029b7387 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= PipH**Hb5 ]Ɋ& !X5b F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4fdc215a-6a87-4bb4-9486-7fbf029b7387 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nspH**c5 ]Ɋ& !5c F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4fdc215a-6a87-4bb4-9486-7fbf029b7387 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b4afa9f9-d152-4dae-9da5-903bad21a51b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm**d5 ]Ɋ& !5d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4fdc215a-6a87-4bb4-9486-7fbf029b7387 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b4afa9f9-d152-4dae-9da5-903bad21a51b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**Xeb6 ]Ɋ& !Xb6e F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e4f6d784-61cf-4376-b4eb-a6c999a38104 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceIdX**pfb6 ]Ɋ& !Xb6f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e4f6d784-61cf-4376-b4eb-a6c999a38104 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=obalp**hgb6 ]Ɋ& !Xb6g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e4f6d784-61cf-4376-b4eb-a6c999a38104 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=x h**`hb6 ]Ɋ& !Xb6h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e4f6d784-61cf-4376-b4eb-a6c999a38104 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on`**`ib6 ]Ɋ& !Xb6i F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e4f6d784-61cf-4376-b4eb-a6c999a38104 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`jb6 ]Ɋ& !Xb6j F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e4f6d784-61cf-4376-b4eb-a6c999a38104 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**kb6 ]Ɋ& !b6k F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e4f6d784-61cf-4376-b4eb-a6c999a38104 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=385b1f8a-e8b3-48eb-b5b5-52038a0b008d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**lb6 ]Ɋ& !b6l F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e4f6d784-61cf-4376-b4eb-a6c999a38104 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=385b1f8a-e8b3-48eb-b5b5-52038a0b008d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= EnneVersion=  ]Ɋ& maXb6m F&ndPath= CommandLine=8F& ElfChnkmmdRYMu=VysMc&&**0 mb6 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !Xb6m F&F%g>9{p(xlMD EventDatauoData !Binary\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=98660fc4-d227-42d7-9c98-1f68abdacfc5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0 **@nb6 ]Ɋ& !Xb6n F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=98660fc4-d227-42d7-9c98-1f68abdacfc5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P@**@ob6 ]Ɋ& !Xb6o F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=98660fc4-d227-42d7-9c98-1f68abdacfc5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lue@**8pb6 ]Ɋ& !Xb6p F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=98660fc4-d227-42d7-9c98-1f68abdacfc5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndo8**8qb6 ]Ɋ& !Xb6q F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=98660fc4-d227-42d7-9c98-1f68abdacfc5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 8**8rb6 ]Ɋ& !Xb6r F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=98660fc4-d227-42d7-9c98-1f68abdacfc5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er8**sb6 ]Ɋ& !b6s F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=98660fc4-d227-42d7-9c98-1f68abdacfc5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=9e63a37d-4f2f-43ab-9c59-0dca1e3a1732 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Q@**t7 ]Ɋ& !7t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=98660fc4-d227-42d7-9c98-1f68abdacfc5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=9e63a37d-4f2f-43ab-9c59-0dca1e3a1732 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **Xu8 ]Ɋ& !X8u F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dff36e05-720e-4b0e-a096-8ace9519a1d5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pX**pv8 ]Ɋ& !X8v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dff36e05-720e-4b0e-a096-8ace9519a1d5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**pw8 ]Ɋ& !X8w F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dff36e05-720e-4b0e-a096-8ace9519a1d5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rinp**hx8 ]Ɋ& !X8x F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dff36e05-720e-4b0e-a096-8ace9519a1d5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**hy8 ]Ɋ& !X8y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dff36e05-720e-4b0e-a096-8ace9519a1d5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ipth**hz8 ]Ɋ& !X8z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dff36e05-720e-4b0e-a096-8ace9519a1d5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**{8 ]Ɋ&  !8{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dff36e05-720e-4b0e-a096-8ace9519a1d5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ae8c5cf0-56e0-49a5-a0b6-e61b164e13b1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eg**|9 ]Ɋ& !9| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dff36e05-720e-4b0e-a096-8ace9519a1d5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ae8c5cf0-56e0-49a5-a0b6-e61b164e13b1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=325-**}9 ]Ɋ& '!X9} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=14d1ead8-ae7f-4e32-b26d-f6c86fa96764 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**~9 ]Ɋ& ?!X9~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=14d1ead8-ae7f-4e32-b26d-f6c86fa96764 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**9 ]Ɋ& ;!X9 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=14d1ead8-ae7f-4e32-b26d-f6c86fa96764 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d **9 ]Ɋ& 3!X9 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=14d1ead8-ae7f-4e32-b26d-f6c86fa96764 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=neI**9 ]Ɋ& 3!X9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=14d1ead8-ae7f-4e32-b26d-f6c86fa96764 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **9 ]Ɋ& 5!X9 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=14d1ead8-ae7f-4e32-b26d-f6c86fa96764 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma**09 ]Ɋ& !9 F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=14d1ead8-ae7f-4e32-b26d-f6c86fa96764 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=9f0eb862-c379-4cf3-a542-a05e515863d2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=si0**@: ]Ɋ& !: F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=14d1ead8-ae7f-4e32-b26d-f6c86fa96764 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=9f0eb862-c379-4cf3-a542-a05e515863d2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand@**W  ]Ɋ& )!XW  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=54b13465-da4b-49fb-8f7d-f3812fc47ab8 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eng**W  ]Ɋ& A!XW  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=54b13465-da4b-49fb-8f7d-f3812fc47ab8 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oduc**W  ]Ɋ& =!XW  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=54b13465-da4b-49fb-8f7d-f3812fc47ab8 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mI**W  ]Ɋ& 5!XW  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=54b13465-da4b-49fb-8f7d-f3812fc47ab8 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-3**W  ]Ɋ& 5!XW  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=54b13465-da4b-49fb-8f7d-f3812fc47ab8 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=**W  ]Ɋ& 7!XW  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=54b13465-da4b-49fb-8f7d-f3812fc47ab8 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v**0W  ]Ɋ& !W  F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=54b13465-da4b-49fb-8f7d-f3812fc47ab8 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c2bd7170-64d6-4b38-ace7-433bb0a00188 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@W  ]Ɋ& !W  F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=54b13465-da4b-49fb-8f7d-f3812fc47ab8 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c2bd7170-64d6-4b38-ace7-433bb0a00188 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**XW  ]Ɋ& !XW  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e0992ba3-a3e4-4407-a198-6eb944c7a3ba HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= X**pW  ]Ɋ& !XW  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e0992ba3-a3e4-4407-a198-6eb944c7a3ba HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=^p**hW  ]Ɋ& !XW  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e0992ba3-a3e4-4407-a198-6eb944c7a3ba HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`W  ]Ɋ& !XW  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e0992ba3-a3e4-4407-a198-6eb944c7a3ba HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`W  ]Ɋ& !XW  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e0992ba3-a3e4-4407-a198-6eb944c7a3ba HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hW  ]Ɋ& !XW  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e0992ba3-a3e4-4407-a198-6eb944c7a3ba HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**W  ]Ɋ&  !W  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e0992ba3-a3e4-4407-a198-6eb944c7a3ba HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b15d405d-069e-4671-ad6e-7c60c51b1671 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=None**W  ]Ɋ& !W  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e0992ba3-a3e4-4407-a198-6eb944c7a3ba HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b15d405d-069e-4671-ad6e-7c60c51b1671 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=**8GW  ]Ɋ& !XGW  F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c8803d35-ea07-4c6a-b32b-22656347cd56 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e8**PGW  ]Ɋ& !XGW  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c8803d35-ea07-4c6a-b32b-22656347cd56 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**PGW  ]Ɋ& !XGW  F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c8803d35-ea07-4c6a-b32b-22656347cd56 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**HGW  ]Ɋ& !XGW  F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c8803d35-ea07-4c6a-b32b-22656347cd56 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HGW  ]Ɋ& !XGW  F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c8803d35-ea07-4c6a-b32b-22656347cd56 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HGW  ]Ɋ& !XGW  F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c8803d35-ea07-4c6a-b32b-22656347cd56 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&H**GW  ]Ɋ& !GW  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c8803d35-ea07-4c6a-b32b-22656347cd56 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cf8bfe19-609d-43af-b0cd-a20f91f584c5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**GW  ]Ɋ& !GW  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c8803d35-ea07-4c6a-b32b-22656347cd56 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cf8bfe19-609d-43af-b0cd-a20f91f584c5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X޲W  ]Ɋ& !X޲W  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=868ea443-8ac6-42d5-a8b2-e060e423a517 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mandXne= En ]Ɋ& X޲W  F& F&ndPath= CommandLine=8F& ElfChnk@M#Z媙Mu=VysMc&&**p޲W  ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! Q!X޲W  F&F%g>9{p(xlMD EventDatauoData !BinaryEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=868ea443-8ac6-42d5-a8b2-e060e423a517 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ip**h޲W  ]Ɋ& !X޲W  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=868ea443-8ac6-42d5-a8b2-e060e423a517 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o]h**`޲W  ]Ɋ& !X޲W  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=868ea443-8ac6-42d5-a8b2-e060e423a517 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=st`**`޲W  ]Ɋ& !X޲W  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=868ea443-8ac6-42d5-a8b2-e060e423a517 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0f`**`޲W  ]Ɋ& !X޲W  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=868ea443-8ac6-42d5-a8b2-e060e423a517 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**޲W  ]Ɋ& !޲W  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=868ea443-8ac6-42d5-a8b2-e060e423a517 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a26e7b11-9d55-4a54-9d48-47dc721277b8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**޲W  ]Ɋ& !޲W  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=868ea443-8ac6-42d5-a8b2-e060e423a517 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a26e7b11-9d55-4a54-9d48-47dc721277b8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s**(tKW  ]Ɋ& !XtKW  F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b156591d-8f56-4159-b483-340d30de7be0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N(**@tKW  ]Ɋ& !XtKW  F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b156591d-8f56-4159-b483-340d30de7be0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=I@**@tKW  ]Ɋ& !XtKW  F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b156591d-8f56-4159-b483-340d30de7be0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sys@**8tKW  ]Ɋ& !XtKW  F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b156591d-8f56-4159-b483-340d30de7be0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rre8**8tKW  ]Ɋ& !XtKW  F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b156591d-8f56-4159-b483-340d30de7be0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=App8**8tKW  ]Ɋ& !XtKW  F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b156591d-8f56-4159-b483-340d30de7be0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=un8**tKW  ]Ɋ& !tKW  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b156591d-8f56-4159-b483-340d30de7be0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=8a9f1873-57c9-48f1-a090-2157c18f0c62 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&**|W  ]Ɋ& !|W  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b156591d-8f56-4159-b483-340d30de7be0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=8a9f1873-57c9-48f1-a090-2157c18f0c62 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=line**XW  ]Ɋ& !XW  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=12c6887b-5563-460c-9161-2b1a8d394d1c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pW  ]Ɋ& !XW  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=12c6887b-5563-460c-9161-2b1a8d394d1c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ep**pW  ]Ɋ& !XW  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=12c6887b-5563-460c-9161-2b1a8d394d1c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dthp**hW  ]Ɋ& !XW  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=12c6887b-5563-460c-9161-2b1a8d394d1c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=aceh**hW  ]Ɋ& !XW  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=12c6887b-5563-460c-9161-2b1a8d394d1c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**hW  ]Ɋ& !XW  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=12c6887b-5563-460c-9161-2b1a8d394d1c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**UAW  ]Ɋ&  !UAW  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=12c6887b-5563-460c-9161-2b1a8d394d1c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=864b6910-00fa-4554-bf44-a78dff41c46f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **W  ]Ɋ& !W  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=12c6887b-5563-460c-9161-2b1a8d394d1c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=864b6910-00fa-4554-bf44-a78dff41c46f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-4e3**rW  ]Ɋ& '!XrW  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=198d6d1c-d76e-4de1-b596-695a78b034a0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**rW  ]Ɋ& ?!XrW  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=198d6d1c-d76e-4de1-b596-695a78b034a0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**rW  ]Ɋ& ;!XrW  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=198d6d1c-d76e-4de1-b596-695a78b034a0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=que**rW  ]Ɋ& 3!XrW  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=198d6d1c-d76e-4de1-b596-695a78b034a0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Com**rW  ]Ɋ& 3!XrW  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=198d6d1c-d76e-4de1-b596-695a78b034a0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=enc**rW  ]Ɋ& 5!XrW  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=198d6d1c-d76e-4de1-b596-695a78b034a0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **0rW  ]Ɋ& !rW  F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=198d6d1c-d76e-4de1-b596-695a78b034a0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=d55677b0-604f-4130-b613-8f804cd6e2d0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@ W  ]Ɋ& ! W  F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=198d6d1c-d76e-4de1-b596-695a78b034a0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=d55677b0-604f-4130-b613-8f804cd6e2d0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== @**λ  ]Ɋ& )!Xλ  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a60d29fc-d625-4b71-b241-604d5bce32b4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ersi**λ  ]Ɋ& A!Xλ  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a60d29fc-d625-4b71-b241-604d5bce32b4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl d**λ  ]Ɋ& =!Xλ  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a60d29fc-d625-4b71-b241-604d5bce32b4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **λ  ]Ɋ& 5!Xλ  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a60d29fc-d625-4b71-b241-604d5bce32b4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=07**λ  ]Ɋ& 5!Xλ  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a60d29fc-d625-4b71-b241-604d5bce32b4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**λ  ]Ɋ& 7!Xλ  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a60d29fc-d625-4b71-b241-604d5bce32b4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0ϻ  ]Ɋ& !ϻ  F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a60d29fc-d625-4b71-b241-604d5bce32b4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d2d00bf7-2d40-416f-90f7-dea5b9567e78 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v0**@)л  ]Ɋ& !)л  F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a60d29fc-d625-4b71-b241-604d5bce32b4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d2d00bf7-2d40-416f-90f7-dea5b9567e78 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**XFл  ]Ɋ& !XFл  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2f3374c6-9c1c-4b5b-bd05-025336c4bd6b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manX**pFл  ]Ɋ& !XFл  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2f3374c6-9c1c-4b5b-bd05-025336c4bd6b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hFл  ]Ɋ& !XFл  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2f3374c6-9c1c-4b5b-bd05-025336c4bd6b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`Fл  ]Ɋ& !XFл  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2f3374c6-9c1c-4b5b-bd05-025336c4bd6b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`Fл  ]Ɋ& !XFл  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2f3374c6-9c1c-4b5b-bd05-025336c4bd6b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hFл  ]Ɋ& !XFл  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2f3374c6-9c1c-4b5b-bd05-025336c4bd6b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!h**Fл  ]Ɋ&  !Fл  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2f3374c6-9c1c-4b5b-bd05-025336c4bd6b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8dd22f9d-500a-4a54-adc3-ba073d1e1f4e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wEng**Fл  ]Ɋ& !Fл  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2f3374c6-9c1c-4b5b-bd05-025336c4bd6b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8dd22f9d-500a-4a54-adc3-ba073d1e1f4e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d **8Fл  ]Ɋ& !XFл  F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2703510a-207a-4c03-b1e5-720c44abd0c8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=F8**PFл  ]Ɋ& !XFл  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2703510a-207a-4c03-b1e5-720c44abd0c8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=PF& F&ndPath= CommandLine=8F& ElfChnk )0&FRMu=VysMc&&**PFл  ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! 1!XFл  F&F%g>9{p(xlMD EventDatauoData !Binary~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2703510a-207a-4c03-b1e5-720c44abd0c8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=CP**HFл  ]Ɋ& !XFл  F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2703510a-207a-4c03-b1e5-720c44abd0c8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CH**HFл  ]Ɋ& !XFл  F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2703510a-207a-4c03-b1e5-720c44abd0c8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ScrH**HFл  ]Ɋ& !XFл  F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2703510a-207a-4c03-b1e5-720c44abd0c8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manH**Fл  ]Ɋ& !Fл  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2703510a-207a-4c03-b1e5-720c44abd0c8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8012e690-b4d7-44c7-97ff-7e51de28f889 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm**Fл  ]Ɋ& !Fл  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2703510a-207a-4c03-b1e5-720c44abd0c8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8012e690-b4d7-44c7-97ff-7e51de28f889 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**XZѻ  ]Ɋ& !XZѻ  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e991d345-5cfd-4114-b717-e7e86456b991 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=PipeX**pZѻ  ]Ɋ& !XZѻ  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e991d345-5cfd-4114-b717-e7e86456b991 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-US'p**hZѻ  ]Ɋ& !XZѻ  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e991d345-5cfd-4114-b717-e7e86456b991 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=:Ph**`Zѻ  ]Ɋ& !XZѻ  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e991d345-5cfd-4114-b717-e7e86456b991 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=30`**`Zѻ  ]Ɋ& !XZѻ  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e991d345-5cfd-4114-b717-e7e86456b991 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ta`**`Zѻ  ]Ɋ& !XZѻ  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e991d345-5cfd-4114-b717-e7e86456b991 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**Zѻ  ]Ɋ& !Zѻ  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e991d345-5cfd-4114-b717-e7e86456b991 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0c9f347c-2f8c-4958-b078-8ab8131ece7d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**Zѻ  ]Ɋ& !Zѻ  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e991d345-5cfd-4114-b717-e7e86456b991 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0c9f347c-2f8c-4958-b078-8ab8131ece7d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C**(Zѻ  ]Ɋ& !XZѻ  F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d80ca26a-5087-467f-87fe-c37da0057838 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8(**@Zѻ  ]Ɋ& !XZѻ  F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d80ca26a-5087-467f-87fe-c37da0057838 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@Zѻ  ]Ɋ& !XZѻ  F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d80ca26a-5087-467f-87fe-c37da0057838 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l='@**8Zѻ  ]Ɋ& !XZѻ  F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d80ca26a-5087-467f-87fe-c37da0057838 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Win8**8Zѻ  ]Ɋ& !XZѻ  F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d80ca26a-5087-467f-87fe-c37da0057838 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=C8**8Zѻ  ]Ɋ& !XZѻ  F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d80ca26a-5087-467f-87fe-c37da0057838 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**Zѻ  ]Ɋ& !Zѻ  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d80ca26a-5087-467f-87fe-c37da0057838 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=7432d54a-a455-41d2-acf1-ded26609e98e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ** һ  ]Ɋ& ! һ  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d80ca26a-5087-467f-87fe-c37da0057838 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=7432d54a-a455-41d2-acf1-ded26609e98e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=)))}**X$ӻ  ]Ɋ& !X$ӻ  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=efc021b1-844d-4eb5-8781-f671eee852c7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**p$ӻ  ]Ɋ& !X$ӻ  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=efc021b1-844d-4eb5-8781-f671eee852c7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Up**p$ӻ  ]Ɋ& !X$ӻ  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=efc021b1-844d-4eb5-8781-f671eee852c7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=balp**h$ӻ  ]Ɋ& !X$ӻ  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=efc021b1-844d-4eb5-8781-f671eee852c7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-Sh**h$ӻ  ]Ɋ& !X$ӻ  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=efc021b1-844d-4eb5-8781-f671eee852c7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ginh**h$ӻ  ]Ɋ& !X$ӻ  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=efc021b1-844d-4eb5-8781-f671eee852c7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=peh**$ӻ  ]Ɋ&  !$ӻ  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=efc021b1-844d-4eb5-8781-f671eee852c7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7be0fbac-0358-40e9-ae0e-962d3fcef025 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**UԻ  ]Ɋ& !UԻ  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=efc021b1-844d-4eb5-8781-f671eee852c7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7be0fbac-0358-40e9-ae0e-962d3fcef025 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Seq**UԻ  ]Ɋ& '!XUԻ  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d88124db-7392-4a52-8d97-aa0ad80879fb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**UԻ  ]Ɋ& ?!XUԻ  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d88124db-7392-4a52-8d97-aa0ad80879fb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**UԻ  ]Ɋ& ;!XUԻ  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d88124db-7392-4a52-8d97-aa0ad80879fb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**UԻ  ]Ɋ& 3!XUԻ  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d88124db-7392-4a52-8d97-aa0ad80879fb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, **UԻ  ]Ɋ& 3!XUԻ  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d88124db-7392-4a52-8d97-aa0ad80879fb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**UԻ  ]Ɋ& 5!XUԻ  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d88124db-7392-4a52-8d97-aa0ad80879fb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| **0UԻ  ]Ɋ& !UԻ  F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d88124db-7392-4a52-8d97-aa0ad80879fb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=2b9277ed-ecc0-4d84-8cae-97c90aaced57 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ou0**@dԻ  ]Ɋ& !dԻ  F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d88124db-7392-4a52-8d97-aa0ad80879fb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=2b9277ed-ecc0-4d84-8cae-97c90aaced57 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceId@**,x ]Ɋ& )!X,x F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4684cae7-a106-42c4-9bf3-afb4cefe1b8a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ant**,x ]Ɋ& A!X,x F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4684cae7-a106-42c4-9bf3-afb4cefe1b8a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=shel**,x ]Ɋ& =!X,x F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4684cae7-a106-42c4-9bf3-afb4cefe1b8a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI**,x ]Ɋ& 5!X,x F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4684cae7-a106-42c4-9bf3-afb4cefe1b8a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eq**,x ]Ɋ& 5!X,x F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4684cae7-a106-42c4-9bf3-afb4cefe1b8a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**,x ]Ɋ& 7!X,x F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4684cae7-a106-42c4-9bf3-afb4cefe1b8a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0,x ]Ɋ& !,x F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4684cae7-a106-42c4-9bf3-afb4cefe1b8a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=90085dab-ef54-4db5-85f6-c3d2fbd86096 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@YIx ]Ɋ& !YIx F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4684cae7-a106-42c4-9bf3-afb4cefe1b8a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=90085dab-ef54-4db5-85f6-c3d2fbd86096 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rip@**XYIx ]Ɋ& !XYIx F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f943a2a1-1378-4214-a415-cb658ed1d4c8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e1fX**pYIx ]Ɋ& !XYIx F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f943a2a1-1378-4214-a415-cb658ed1d4c8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNap**hYIx ]Ɋ& !XYIx F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f943a2a1-1378-4214-a415-cb658ed1d4c8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nhype= Scrip ]Ɋ& XYIx F&dLine=8F& ElfChnk//(?>ldMu=VysMc&&**hYIx ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! G!XYIx F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f943a2a1-1378-4214-a415-cb658ed1d4c8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fh**`YIx ]Ɋ& !XYIx F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f943a2a1-1378-4214-a415-cb658ed1d4c8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hYIx ]Ɋ& !XYIx F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f943a2a1-1378-4214-a415-cb658ed1d4c8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**YIx ]Ɋ&  !YIx F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f943a2a1-1378-4214-a415-cb658ed1d4c8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ae7acff0-e65f-408a-878b-77d2d4218bd1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**x ]Ɋ& !x F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f943a2a1-1378-4214-a415-cb658ed1d4c8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ae7acff0-e65f-408a-878b-77d2d4218bd1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**8x ]Ɋ& !Xx F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ede1692b-72e8-416f-ba41-ae3cc44b6e78 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**Px ]Ɋ& !Xx F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ede1692b-72e8-416f-ba41-ae3cc44b6e78 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Px ]Ɋ& !Xx F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ede1692b-72e8-416f-ba41-ae3cc44b6e78 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Hx ]Ɋ& !Xx F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ede1692b-72e8-416f-ba41-ae3cc44b6e78 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H x ]Ɋ& !Xx  F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ede1692b-72e8-416f-ba41-ae3cc44b6e78 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**H x ]Ɋ& !Xx  F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ede1692b-72e8-416f-ba41-ae3cc44b6e78 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**H** x ]Ɋ& !x  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ede1692b-72e8-416f-ba41-ae3cc44b6e78 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cab634aa-57d5-49be-a59d-154ab391d214 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** zx ]Ɋ& !zx  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ede1692b-72e8-416f-ba41-ae3cc44b6e78 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cab634aa-57d5-49be-a59d-154ab391d214 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X zx ]Ɋ& !Xzx  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b96dbe96-c7ab-47fb-9aa6-2815badad53a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmanX**pzx ]Ɋ& !Xzx F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b96dbe96-c7ab-47fb-9aa6-2815badad53a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ep**hzx ]Ɋ& !Xzx F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b96dbe96-c7ab-47fb-9aa6-2815badad53a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Glh**`zx ]Ɋ& !Xzx F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b96dbe96-c7ab-47fb-9aa6-2815badad53a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-H`**`zx ]Ɋ& !Xzx F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b96dbe96-c7ab-47fb-9aa6-2815badad53a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er`**`zx ]Ɋ& !Xzx F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b96dbe96-c7ab-47fb-9aa6-2815badad53a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t`**zx ]Ɋ& !zx F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b96dbe96-c7ab-47fb-9aa6-2815badad53a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cc56d2d1-d256-4e70-9a90-a550571ae195 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**zx ]Ɋ& !zx F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b96dbe96-c7ab-47fb-9aa6-2815badad53a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cc56d2d1-d256-4e70-9a90-a550571ae195 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co**(zx ]Ɋ& !Xzx F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e44944bc-255f-4814-b776-03503f0c8a24 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@zx ]Ɋ& !Xzx F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e44944bc-255f-4814-b776-03503f0c8a24 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-@**@zx ]Ɋ& !Xzx F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e44944bc-255f-4814-b776-03503f0c8a24 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ins@**8zx ]Ɋ& !Xzx F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e44944bc-255f-4814-b776-03503f0c8a24 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ode8**8zx ]Ɋ& !Xzx F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e44944bc-255f-4814-b776-03503f0c8a24 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8788**8zx ]Ɋ& !Xzx F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e44944bc-255f-4814-b776-03503f0c8a24 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S8**zx ]Ɋ& !zx F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e44944bc-255f-4814-b776-03503f0c8a24 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=53407b1b-ec67-47d6-a44b-592290d31649 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**x ]Ɋ& !x F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e44944bc-255f-4814-b776-03503f0c8a24 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=53407b1b-ec67-47d6-a44b-592290d31649 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on= **Xx ]Ɋ& !Xx F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7ebde328-3283-4bd5-8e2e-dcf5321af0ce HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**px ]Ɋ& !Xx F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7ebde328-3283-4bd5-8e2e-dcf5321af0ce HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rp**px ]Ɋ& !Xx F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7ebde328-3283-4bd5-8e2e-dcf5321af0ce HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tedp**h x ]Ɋ& !Xx  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7ebde328-3283-4bd5-8e2e-dcf5321af0ce HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eh**h!x ]Ɋ& !Xx! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7ebde328-3283-4bd5-8e2e-dcf5321af0ce HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmah**h"x ]Ɋ& !Xx" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7ebde328-3283-4bd5-8e2e-dcf5321af0ce HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**#x ]Ɋ&  !x# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7ebde328-3283-4bd5-8e2e-dcf5321af0ce HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d882c6ec-c983-4a9d-9118-87fbb8acc3e7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **$vux ]Ɋ& !vux$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7ebde328-3283-4bd5-8e2e-dcf5321af0ce HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d882c6ec-c983-4a9d-9118-87fbb8acc3e7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 **%x ]Ɋ& '!Xx% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4b2934ca-92c0-45c2-aa7d-352f3f89fa84 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**&x ]Ɋ& ?!Xx& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4b2934ca-92c0-45c2-aa7d-352f3f89fa84 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b**'x ]Ɋ& ;!Xx' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4b2934ca-92c0-45c2-aa7d-352f3f89fa84 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ide**(x ]Ɋ& 3!Xx( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4b2934ca-92c0-45c2-aa7d-352f3f89fa84 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pac**)x ]Ɋ& 3!Xx) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4b2934ca-92c0-45c2-aa7d-352f3f89fa84 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erS***x ]Ɋ& 5!Xx* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4b2934ca-92c0-45c2-aa7d-352f3f89fa84 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ip**0+x ]Ɋ& !x+ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4b2934ca-92c0-45c2-aa7d-352f3f89fa84 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=3e3f402d-584d-4365-ad3f-840f9d21b9ee PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=le0**@,:?x ]Ɋ& !:?x, F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4b2934ca-92c0-45c2-aa7d-352f3f89fa84 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=3e3f402d-584d-4365-ad3f-840f9d21b9ee PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mman@**-{ ]Ɋ& )!X{- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c232221c-100e-44c3-8932-fb2ce54dba1f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g -w**.{ ]Ɋ& A!X{. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c232221c-100e-44c3-8932-fb2ce54dba1f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**/{ ]Ɋ& =!X{/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c232221c-100e-44c3-8932-fb2ce54dba1f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=owshell Get-Ci ]Ɋ& sNX{0 F&playName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nhype= Scrip ]Ɋ& XYIx F&dLine=8F& ElfChnk0`0`p!Mu=VysMc&&**0{ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X{0 F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c232221c-100e-44c3-8932-fb2ce54dba1f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **1{ ]Ɋ& 5!X{1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c232221c-100e-44c3-8932-fb2ce54dba1f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 6**2{ ]Ɋ& 7!X{2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c232221c-100e-44c3-8932-fb2ce54dba1f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**03{ ]Ɋ& !{3 F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c232221c-100e-44c3-8932-fb2ce54dba1f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4c59c7cc-a2d4-448f-8217-4bbbb1a3f1bb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@4 ]Ɋ& !4 F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c232221c-100e-44c3-8932-fb2ce54dba1f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4c59c7cc-a2d4-448f-8217-4bbbb1a3f1bb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1d4@**X5> ]Ɋ& !X>5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a60d9001-51ba-403b-9b94-9ba34b6ffa31 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=HosX**p6> ]Ɋ& !X>6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a60d9001-51ba-403b-9b94-9ba34b6ffa31 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=72ep**h7> ]Ɋ& !X>7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a60d9001-51ba-403b-9b94-9ba34b6ffa31 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eh**`8> ]Ɋ& !X>8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a60d9001-51ba-403b-9b94-9ba34b6ffa31 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`9> ]Ɋ& !X>9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a60d9001-51ba-403b-9b94-9ba34b6ffa31 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a`**h:> ]Ɋ& !X>: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a60d9001-51ba-403b-9b94-9ba34b6ffa31 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=hellh**;> ]Ɋ&  !>; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a60d9001-51ba-403b-9b94-9ba34b6ffa31 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d30df1cb-5e99-4a83-b6b6-6fd16093b8df PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rusS**<> ]Ɋ& !>< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a60d9001-51ba-403b-9b94-9ba34b6ffa31 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d30df1cb-5e99-4a83-b6b6-6fd16093b8df PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Up**8= ]Ɋ& !X= F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=58c4b859-b0d3-42b9-8b03-98f9a7c06144 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t\8**P> ]Ɋ& !X> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=58c4b859-b0d3-42b9-8b03-98f9a7c06144 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t P**P? ]Ɋ& !X? F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=58c4b859-b0d3-42b9-8b03-98f9a7c06144 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ell P**H@ ]Ɋ& !X@ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=58c4b859-b0d3-42b9-8b03-98f9a7c06144 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tionH**HA ]Ɋ& !XA F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=58c4b859-b0d3-42b9-8b03-98f9a7c06144 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HosH**HB ]Ɋ& !XB F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=58c4b859-b0d3-42b9-8b03-98f9a7c06144 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=15bH**C ]Ɋ& !C F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=58c4b859-b0d3-42b9-8b03-98f9a7c06144 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bd723b41-5ff0-4b66-b39f-048a72a90cb5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=p**D ]Ɋ& !D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=58c4b859-b0d3-42b9-8b03-98f9a7c06144 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bd723b41-5ff0-4b66-b39f-048a72a90cb5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s**XEk ]Ɋ& !XkE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=179f2594-5413-4934-964b-a9779591a4cc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e449X**pFk ]Ɋ& !XkF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=179f2594-5413-4934-964b-a9779591a4cc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ent p**hGk ]Ɋ& !XkG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=179f2594-5413-4934-964b-a9779591a4cc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`Hk ]Ɋ& !XkH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=179f2594-5413-4934-964b-a9779591a4cc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Co`**`Ik ]Ɋ& !XkI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=179f2594-5413-4934-964b-a9779591a4cc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-U`**`Jk ]Ɋ& !XkJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=179f2594-5413-4934-964b-a9779591a4cc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=:`**Kk ]Ɋ& !kK F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=179f2594-5413-4934-964b-a9779591a4cc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a7dac10b-cc09-49a2-9aef-ac186488218d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**Lk ]Ɋ& !kL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=179f2594-5413-4934-964b-a9779591a4cc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a7dac10b-cc09-49a2-9aef-ac186488218d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4bc**(MI ]Ɋ& !XIM F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f5d5b27d-fc30-4dfd-a0e9-4e17402fec1a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(**@NI ]Ɋ& !XIN F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f5d5b27d-fc30-4dfd-a0e9-4e17402fec1a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t@**@OI ]Ɋ& !XIO F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f5d5b27d-fc30-4dfd-a0e9-4e17402fec1a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**8PI ]Ɋ& !XIP F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f5d5b27d-fc30-4dfd-a0e9-4e17402fec1a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Str8**8QI ]Ɋ& !XIQ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f5d5b27d-fc30-4dfd-a0e9-4e17402fec1a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=';e8**8RI ]Ɋ& !XIR F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f5d5b27d-fc30-4dfd-a0e9-4e17402fec1a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io8**SI ]Ɋ& !IS F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f5d5b27d-fc30-4dfd-a0e9-4e17402fec1a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=363af690-f70c-428c-9a86-03ec0b73ca8b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e2**T ]Ɋ& !T F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f5d5b27d-fc30-4dfd-a0e9-4e17402fec1a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=363af690-f70c-428c-9a86-03ec0b73ca8b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tate**XUC ]Ɋ& !XCU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=083a5a94-065e-457f-992d-4767fe887c7e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uX**pVC ]Ɋ& !XCV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=083a5a94-065e-457f-992d-4767fe887c7e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ap**pWC ]Ɋ& !XCW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=083a5a94-065e-457f-992d-4767fe887c7e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hXC ]Ɋ& !XCX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=083a5a94-065e-457f-992d-4767fe887c7e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt h**hYC ]Ɋ& !XCY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=083a5a94-065e-457f-992d-4767fe887c7e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nsoh**hZC ]Ɋ& !XCZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=083a5a94-065e-457f-992d-4767fe887c7e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fah**[C ]Ɋ&  !C[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=083a5a94-065e-457f-992d-4767fe887c7e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9ae6532b-6f21-42fb-bafc-4d1ed9ab5f89 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**\ ]Ɋ& !\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=083a5a94-065e-457f-992d-4767fe887c7e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9ae6532b-6f21-42fb-bafc-4d1ed9ab5f89 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=alue**] ]Ɋ& '!X] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=58a4e5f3-0165-48a5-8e91-1566b64a418d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**^ ]Ɋ& ?!X^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=58a4e5f3-0165-48a5-8e91-1566b64a418d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**_ ]Ɋ& ;!X_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=58a4e5f3-0165-48a5-8e91-1566b64a418d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=neI**` ]Ɋ& 3!X` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=58a4e5f3-0165-48a5-8e91-1566b64a418d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Staed Seque ]Ɋ& ioXa F&44c3-8932-fb2ce54dba1f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=owshell Get-Ci ]Ɋ& sNX{0 F&playName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nhype= Scrip ]Ɋ& XYIx F&dLine=8F& ElfChnkaaHO·eMMu=VysMc&&** a ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !Xa F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=58a4e5f3-0165-48a5-8e91-1566b64a418d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **b ]Ɋ& 5!Xb F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=58a4e5f3-0165-48a5-8e91-1566b64a418d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine={**0c ]Ɋ& !c F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=58a4e5f3-0165-48a5-8e91-1566b64a418d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=f60c585e-9a80-49d7-a148-d7f25ae04bce PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=930**@d  ]Ɋ& ! d F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=58a4e5f3-0165-48a5-8e91-1566b64a418d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=f60c585e-9a80-49d7-a148-d7f25ae04bce PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co@**e; ]Ɋ& )!X;e F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=773d74e6-4fce-4ecf-a390-fb3586cd358e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on= **f; ]Ɋ& A!X;f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=773d74e6-4fce-4ecf-a390-fb3586cd358e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=play**g; ]Ɋ& =!X;g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=773d74e6-4fce-4ecf-a390-fb3586cd358e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= r**h; ]Ɋ& 5!X;h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=773d74e6-4fce-4ecf-a390-fb3586cd358e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4b**i; ]Ɋ& 5!X;i F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=773d74e6-4fce-4ecf-a390-fb3586cd358e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ns**j; ]Ɋ& 7!X;j F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=773d74e6-4fce-4ecf-a390-fb3586cd358e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b**0k; ]Ɋ& !;k F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=773d74e6-4fce-4ecf-a390-fb3586cd358e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=884d30cb-1685-44df-b9bd-dcceba6d17c8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@lĺ; ]Ɋ& !ĺ;l F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=773d74e6-4fce-4ecf-a390-fb3586cd358e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=884d30cb-1685-44df-b9bd-dcceba6d17c8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**@**Xmĺ; ]Ɋ& !Xĺ;m F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=66ef0a81-76b0-4a86-abea-cfd343c7ad29 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&X**pnĺ; ]Ɋ& !Xĺ;n F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=66ef0a81-76b0-4a86-abea-cfd343c7ad29 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hoĺ; ]Ɋ& !Xĺ;o F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=66ef0a81-76b0-4a86-abea-cfd343c7ad29 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`pĺ; ]Ɋ& !Xĺ;p F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=66ef0a81-76b0-4a86-abea-cfd343c7ad29 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`qĺ; ]Ɋ& !Xĺ;q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=66ef0a81-76b0-4a86-abea-cfd343c7ad29 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hrĺ; ]Ɋ& !Xĺ;r F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=66ef0a81-76b0-4a86-abea-cfd343c7ad29 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Fh**s[S; ]Ɋ&  ![S;s F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=66ef0a81-76b0-4a86-abea-cfd343c7ad29 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b62a5664-1e8b-434e-9ea9-306bfafdfc4d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oppe**t[S; ]Ɋ& ![S;t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=66ef0a81-76b0-4a86-abea-cfd343c7ad29 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b62a5664-1e8b-434e-9ea9-306bfafdfc4d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=de**8u[S; ]Ɋ& !X[S;u F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4e542b85-28b3-4ac5-bff8-a00d5e1697dc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ro8**Pv[S; ]Ɋ& !X[S;v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4e542b85-28b3-4ac5-bff8-a00d5e1697dc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=FP**Pw[S; ]Ɋ& !X[S;w F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4e542b85-28b3-4ac5-bff8-a00d5e1697dc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Hx[S; ]Ɋ& !X[S;x F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4e542b85-28b3-4ac5-bff8-a00d5e1697dc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!H**Hy[S; ]Ɋ& !X[S;y F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4e542b85-28b3-4ac5-bff8-a00d5e1697dc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Hz[S; ]Ɋ& !X[S;z F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4e542b85-28b3-4ac5-bff8-a00d5e1697dc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**{[S; ]Ɋ& ![S;{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4e542b85-28b3-4ac5-bff8-a00d5e1697dc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=971762cf-78dc-4ea4-bee5-9bfc729dd76f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**|; ]Ɋ& !;| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4e542b85-28b3-4ac5-bff8-a00d5e1697dc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=971762cf-78dc-4ea4-bee5-9bfc729dd76f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X}; ]Ɋ& !X;} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4943c628-8144-4eda-ac8d-c1362ff64abb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id= X**p~; ]Ɋ& !X;~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4943c628-8144-4eda-ac8d-c1362ff64abb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tCulp**h; ]Ɋ& !X; F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4943c628-8144-4eda-ac8d-c1362ff64abb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=={h**`; ]Ɋ& !X; F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4943c628-8144-4eda-ac8d-c1362ff64abb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fd`**`; ]Ɋ& !X; F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4943c628-8144-4eda-ac8d-c1362ff64abb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=vi`**`; ]Ɋ& !X; F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4943c628-8144-4eda-ac8d-c1362ff64abb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**; ]Ɋ& !; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4943c628-8144-4eda-ac8d-c1362ff64abb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=69bef2d4-b8fc-4687-8e3b-993e010680c3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**; ]Ɋ& !; F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4943c628-8144-4eda-ac8d-c1362ff64abb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=69bef2d4-b8fc-4687-8e3b-993e010680c3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==36**(; ]Ɋ& !X; F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7721748f-79f2-455f-9445-397d2b6d4100 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e(**@; ]Ɋ& !X; F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7721748f-79f2-455f-9445-397d2b6d4100 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@; ]Ɋ& !X; F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7721748f-79f2-455f-9445-397d2b6d4100 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=E\M@**8; ]Ɋ& !X; F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7721748f-79f2-455f-9445-397d2b6d4100 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**8; ]Ɋ& !X; F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7721748f-79f2-455f-9445-397d2b6d4100 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8; ]Ɋ& !X; F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7721748f-79f2-455f-9445-397d2b6d4100 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eV8**; ]Ɋ& !; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7721748f-79f2-455f-9445-397d2b6d4100 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=01c06351-b019-466d-bd1b-d47686018d9c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[S**; ]Ɋ& !; F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7721748f-79f2-455f-9445-397d2b6d4100 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=01c06351-b019-466d-bd1b-d47686018d9c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayVe**X; ]Ɋ& !X; F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=905c4d81-6c71-4682-aa9f-22939ba7520d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p; ]Ɋ& !X; F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=905c4d81-6c71-4682-aa9f-22939ba7520d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rp**p; ]Ɋ& !X; F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=905c4d81-6c71-4682-aa9f-22939ba7520d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nstp**h; ]Ɋ& !X; F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=905c4d81-6c71-4682-aa9f-22939ba7520d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=perh**h; ]Ɋ& !X; F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=905c4d81-6c71-4682-aa9f-22939ba7520d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=::Gh**h; ]Ɋ& !X; F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=905c4d81-6c71-4682-aa9f-22939ba7520d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= IhtalledOn -De ]Ɋ&  !; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=905c4d81-6c71-4682-aa9f-22939ba7520d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=349d7535-a486-44a5-b47b-a2fbb28b0799 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnk8?`˸$Mu=VysMc&&** ; ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !; F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=905c4d81-6c71-4682-aa9f-22939ba7520d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=349d7535-a486-44a5-b47b-a2fbb28b0799 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=art **9{p(xlMD EventDatauoData !BinaryEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=037a7663-a40e-4385-bcb6-517c3df49ab2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== x **p? ]Ɋ& !X? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=037a7663-a40e-4385-bcb6-517c3df49ab2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== p**h? ]Ɋ& !X? F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=037a7663-a40e-4385-bcb6-517c3df49ab2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=h**h? ]Ɋ& !X? F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=037a7663-a40e-4385-bcb6-517c3df49ab2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h? ]Ɋ& !X? F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=037a7663-a40e-4385-bcb6-517c3df49ab2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh**? ]Ɋ&  !? F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=037a7663-a40e-4385-bcb6-517c3df49ab2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5c75cbdf-db36-4968-9053-e91820268058 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**l8 ]Ɋ& !l8 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=037a7663-a40e-4385-bcb6-517c3df49ab2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5c75cbdf-db36-4968-9053-e91820268058 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name** ]Ɋ& '!X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0f3b58c7-5e98-4597-bb0d-d6b3e9aa4039 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m** ]Ɋ& ?!X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0f3b58c7-5e98-4597-bb0d-d6b3e9aa4039 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=w** ]Ɋ& ;!X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0f3b58c7-5e98-4597-bb0d-d6b3e9aa4039 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d75** ]Ɋ& 3!X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0f3b58c7-5e98-4597-bb0d-d6b3e9aa4039 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** ]Ɋ& 3!X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0f3b58c7-5e98-4597-bb0d-d6b3e9aa4039 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=539** ]Ɋ& 5!X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0f3b58c7-5e98-4597-bb0d-d6b3e9aa4039 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0 ]Ɋ& ! F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0f3b58c7-5e98-4597-bb0d-d6b3e9aa4039 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=04dce558-6506-42a0-8f11-29fe2cafe892 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ro0**@i ]Ɋ& !i F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0f3b58c7-5e98-4597-bb0d-d6b3e9aa4039 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=04dce558-6506-42a0-8f11-29fe2cafe892 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**Ѐ ]Ɋ& )!XЀ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5bcccac7-1d6f-4cc3-b6cf-80756bf92409 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= **Ѐ ]Ɋ& A!XЀ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5bcccac7-1d6f-4cc3-b6cf-80756bf92409 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=line**Ѐ ]Ɋ& =!XЀ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5bcccac7-1d6f-4cc3-b6cf-80756bf92409 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= |**Ѐ ]Ɋ& 5!XЀ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5bcccac7-1d6f-4cc3-b6cf-80756bf92409 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt**Ѐ ]Ɋ& 5!XЀ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5bcccac7-1d6f-4cc3-b6cf-80756bf92409 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**Ѐ ]Ɋ& 7!XЀ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5bcccac7-1d6f-4cc3-b6cf-80756bf92409 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0Ѐ ]Ɋ& !Ѐ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5bcccac7-1d6f-4cc3-b6cf-80756bf92409 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5a5135fc-2c02-4e50-847b-44364612c2ba PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@g ]Ɋ& !g F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5bcccac7-1d6f-4cc3-b6cf-80756bf92409 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5a5135fc-2c02-4e50-847b-44364612c2ba PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te=@**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e5b5e520-4d6e-42f4-be02-8bd54a91003a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e5b5e520-4d6e-42f4-be02-8bd54a91003a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=menp**h ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e5b5e520-4d6e-42f4-be02-8bd54a91003a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rh**` ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e5b5e520-4d6e-42f4-be02-8bd54a91003a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e`**` ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e5b5e520-4d6e-42f4-be02-8bd54a91003a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**h ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e5b5e520-4d6e-42f4-be02-8bd54a91003a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateh** ]Ɋ&  ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e5b5e520-4d6e-42f4-be02-8bd54a91003a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=10cd5252-ed1a-4f08-a43e-7dfb0d2855fd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e5b5e520-4d6e-42f4-be02-8bd54a91003a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=10cd5252-ed1a-4f08-a43e-7dfb0d2855fd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**8J ]Ɋ& !XJ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4f21d5b2-27b1-401d-8e12-866ca5d00ba4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 8**PJ ]Ɋ& !XJ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4f21d5b2-27b1-401d-8e12-866ca5d00ba4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SP**PJ ]Ɋ& !XJ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4f21d5b2-27b1-401d-8e12-866ca5d00ba4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateP**HJ ]Ɋ& !XJ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4f21d5b2-27b1-401d-8e12-866ca5d00ba4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPH**HJ ]Ɋ& !XJ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4f21d5b2-27b1-401d-8e12-866ca5d00ba4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==RegH**HJ ]Ɋ& !XJ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4f21d5b2-27b1-401d-8e12-866ca5d00ba4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovH**J ]Ɋ& !J F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4f21d5b2-27b1-401d-8e12-866ca5d00ba4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=360910f9-8210-4b19-bba8-dc7a2e4cfc2e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iou**J ]Ɋ& !J F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4f21d5b2-27b1-401d-8e12-866ca5d00ba4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=360910f9-8210-4b19-bba8-dc7a2e4cfc2e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **X* ]Ɋ& !X* F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=31f063ce-0d99-4585-bb61-b328e1bd16bf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FX**p* ]Ɋ& !X* F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=31f063ce-0d99-4585-bb61-b328e1bd16bf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ne=p**h* ]Ɋ& !X* F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=31f063ce-0d99-4585-bb61-b328e1bd16bf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh**`* ]Ɋ& !X* F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=31f063ce-0d99-4585-bb61-b328e1bd16bf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iz`**`* ]Ɋ& !X* F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=31f063ce-0d99-4585-bb61-b328e1bd16bf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| `**`* ]Ɋ& !X* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=31f063ce-0d99-4585-bb61-b328e1bd16bf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0`*** ]Ɋ& !* F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=31f063ce-0d99-4585-bb61-b328e1bd16bf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=aa541d28-d8a0-4b39-9b34-6896401bbee5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a*** ]Ɋ& !* F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=31f063ce-0d99-4585-bb61-b328e1bd16bf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=aa541d28-d8a0-4b39-9b34-6896401bbee5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**({ ]Ɋ& !X{ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fb34c003-1a2b-4585-b4e4-d64d624c9a0f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@{ ]Ɋ& !X{ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fb34c003-1a2b-4585-b4e4-d64d624c9a0f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@{ ]Ɋ& !X{ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fb34c003-1a2b-4585-b4e4-d64d624c9a0f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wid@ 65535 Eng ]Ɋ& ndX{ F&Name= CommandPath= CommandLine=CXtureInfo('en ]Ɋ& 53X? F&aceId=349d7535-a486-44a5-b47b-a2fbb28b0799 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnk((pMu=VysMc&&**8 { ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X{ F&F%g>9{p(xlMD EventDatauoData !BinaryhFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fb34c003-1a2b-4585-b4e4-d64d624c9a0f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8 **8{ ]Ɋ& !X{ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fb34c003-1a2b-4585-b4e4-d64d624c9a0f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er,8**8{ ]Ɋ& !X{ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fb34c003-1a2b-4585-b4e4-d64d624c9a0f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\W8**{ ]Ɋ& !{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fb34c003-1a2b-4585-b4e4-d64d624c9a0f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=bf10f4c2-a179-4fa7-b88f-f158ab753044 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=03**W ]Ɋ& !W F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fb34c003-1a2b-4585-b4e4-d64d624c9a0f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=bf10f4c2-a179-4fa7-b88f-f158ab753044 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iabl**XH ]Ɋ& !XH F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ff30ccef-7269-457d-9556-bd8d2e541a45 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**pH ]Ɋ& !XH F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ff30ccef-7269-457d-9556-bd8d2e541a45 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**pH ]Ɋ& !XH F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ff30ccef-7269-457d-9556-bd8d2e541a45 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hH ]Ɋ& !XH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ff30ccef-7269-457d-9556-bd8d2e541a45 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ovih**hH ]Ɋ& !XH F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ff30ccef-7269-457d-9556-bd8d2e541a45 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er=h**hH ]Ɋ& !XH F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ff30ccef-7269-457d-9556-bd8d2e541a45 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8-h**H ]Ɋ&  !H F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ff30ccef-7269-457d-9556-bd8d2e541a45 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=552e8b58-41df-4802-842c-096e71fcb058 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-O**ާ ]Ɋ& !ާ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ff30ccef-7269-457d-9556-bd8d2e541a45 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=552e8b58-41df-4802-842c-096e71fcb058 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ies[**u@ ]Ɋ& '!Xu@ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=16f11c6e-f445-49fd-8a4a-e4f3bd4af767 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r**u@ ]Ɋ& ?!Xu@ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=16f11c6e-f445-49fd-8a4a-e4f3bd4af767 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**u@ ]Ɋ& ;!Xu@ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=16f11c6e-f445-49fd-8a4a-e4f3bd4af767 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Run**u@ ]Ɋ& 3!Xu@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=16f11c6e-f445-49fd-8a4a-e4f3bd4af767 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ** u@ ]Ɋ& 3!Xu@  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=16f11c6e-f445-49fd-8a4a-e4f3bd4af767 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nsp** u@ ]Ɋ& 5!Xu@  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=16f11c6e-f445-49fd-8a4a-e4f3bd4af767 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te**0 u@ ]Ɋ& !u@  F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=16f11c6e-f445-49fd-8a4a-e4f3bd4af767 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=9a53fe87-f4f4-4673-88f4-1c8dc15d6709 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=li0**@ q ]Ɋ& !q  F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=16f11c6e-f445-49fd-8a4a-e4f3bd4af767 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=9a53fe87-f4f4-4673-88f4-1c8dc15d6709 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nceN@** BKN ]Ɋ& )!XBKN  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=27fdb5a2-44a5-4f46-adad-9dbbf0acc7b9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nmen**BKN ]Ɋ& A!XBKN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=27fdb5a2-44a5-4f46-adad-9dbbf0acc7b9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**BKN ]Ɋ& =!XBKN F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=27fdb5a2-44a5-4f46-adad-9dbbf0acc7b9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h=**BKN ]Ɋ& 5!XBKN F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=27fdb5a2-44a5-4f46-adad-9dbbf0acc7b9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=li**BKN ]Ɋ& 5!XBKN F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=27fdb5a2-44a5-4f46-adad-9dbbf0acc7b9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= |**BKN ]Ɋ& 7!XBKN F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=27fdb5a2-44a5-4f46-adad-9dbbf0acc7b9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**0\KN ]Ɋ& !\KN F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=27fdb5a2-44a5-4f46-adad-9dbbf0acc7b9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9297f52a-55e0-4d1b-b1fa-6bb274de87f7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c0**@sLN ]Ɋ& !sLN F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=27fdb5a2-44a5-4f46-adad-9dbbf0acc7b9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9297f52a-55e0-4d1b-b1fa-6bb274de87f7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6e-@**X MN ]Ɋ& !X MN F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8dbd9b57-0f34-442d-9984-2cc25b60cf4e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HX**p MN ]Ɋ& !X MN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8dbd9b57-0f34-442d-9984-2cc25b60cf4e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 p**h MN ]Ɋ& !X MN F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8dbd9b57-0f34-442d-9984-2cc25b60cf4e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5h**` MN ]Ɋ& !X MN F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8dbd9b57-0f34-442d-9984-2cc25b60cf4e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d`**` MN ]Ɋ& !X MN F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8dbd9b57-0f34-442d-9984-2cc25b60cf4e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5`**h MN ]Ɋ& !X MN F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8dbd9b57-0f34-442d-9984-2cc25b60cf4e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stAph** MN ]Ɋ&  ! MN F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8dbd9b57-0f34-442d-9984-2cc25b60cf4e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=de55cc96-7e18-4303-853c-7cf5d2dd323d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=viru** MN ]Ɋ& ! MN F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8dbd9b57-0f34-442d-9984-2cc25b60cf4e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=de55cc96-7e18-4303-853c-7cf5d2dd323d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ti**8MN ]Ɋ& !XMN F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a519dbef-e4fb-4cde-9977-6598db62b548 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bj8**PMN ]Ɋ& !XMN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a519dbef-e4fb-4cde-9977-6598db62b548 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erP**PMN ]Ɋ& !XMN F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a519dbef-e4fb-4cde-9977-6598db62b548 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tAppP**H MN ]Ɋ& !XMN  F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a519dbef-e4fb-4cde-9977-6598db62b548 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bd16H**H!MN ]Ɋ& !XMN! F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a519dbef-e4fb-4cde-9977-6598db62b548 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-bb6H**H"MN ]Ɋ& !XMN" F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a519dbef-e4fb-4cde-9977-6598db62b548 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce-H**#MN ]Ɋ& !MN# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a519dbef-e4fb-4cde-9977-6598db62b548 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b134f794-131c-484e-9b40-8fc7a9dd65d1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6bf**$MN ]Ɋ& !MN$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a519dbef-e4fb-4cde-9977-6598db62b548 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b134f794-131c-484e-9b40-8fc7a9dd65d1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6**X%MN ]Ɋ& !XMN% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e4edb2b1-16fb-4825-97f9-0ec284baad51 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ersiX**p&MN ]Ɋ& !XMN& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e4edb2b1-16fb-4825-97f9-0ec284baad51 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovip**h'MN ]Ɋ& !XMN' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e4edb2b1-16fb-4825-97f9-0ec284baad51 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`(MN ]Ɋ& !XMN( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e4edb2b1-16fb-4825-97f9-0ec284baad51 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id` PipelineId ]Ɋ&  CXMN) F&wid@ 65535 Eng ]Ɋ& ndX{ F&Name= CommandPath= CommandLine=CXtureInfo('en ]Ɋ& 53X? F&aceId=349d7535-a486-44a5-b47b-a2fbb28b0799 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnk)Z)ZhL<97Mu=VysMc&&**h)MN ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! E!XMN) F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e4edb2b1-16fb-4825-97f9-0ec284baad51 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== h**`*MN ]Ɋ& !XMN* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e4edb2b1-16fb-4825-97f9-0ec284baad51 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**+MN ]Ɋ& !MN+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e4edb2b1-16fb-4825-97f9-0ec284baad51 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=00573e81-f5a0-4765-89c4-8a2cea8a3f44 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**,MN ]Ɋ& !MN, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e4edb2b1-16fb-4825-97f9-0ec284baad51 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=00573e81-f5a0-4765-89c4-8a2cea8a3f44 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Get**(-=NN ]Ɋ& !X=NN- F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dad335f1-1bfc-404e-94bb-fe2a3fab9715 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a(**@.=NN ]Ɋ& !X=NN. F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dad335f1-1bfc-404e-94bb-fe2a3fab9715 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0@**@/=NN ]Ɋ& !X=NN/ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dad335f1-1bfc-404e-94bb-fe2a3fab9715 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**80=NN ]Ɋ& !X=NN0 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dad335f1-1bfc-404e-94bb-fe2a3fab9715 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C8**81=NN ]Ɋ& !X=NN1 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dad335f1-1bfc-404e-94bb-fe2a3fab9715 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bal8**82=NN ]Ɋ& !X=NN2 F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dad335f1-1bfc-404e-94bb-fe2a3fab9715 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in8**3=NN ]Ɋ& !=NN3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dad335f1-1bfc-404e-94bb-fe2a3fab9715 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=c007f07d-461f-4adb-8127-49a943670f45 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=RE**4LNN ]Ɋ& !LNN4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dad335f1-1bfc-404e-94bb-fe2a3fab9715 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=c007f07d-461f-4adb-8127-49a943670f45 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**X5PN ]Ɋ& !XPN5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e39918df-c79f-4453-84e9-f9ca831825de HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4X**p6PN ]Ɋ& !XPN6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e39918df-c79f-4453-84e9-f9ca831825de HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1p**p7PN ]Ɋ& !XPN7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e39918df-c79f-4453-84e9-f9ca831825de HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stap**h8PN ]Ɋ& !XPN8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e39918df-c79f-4453-84e9-f9ca831825de HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVh**h9PN ]Ɋ& !XPN9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e39918df-c79f-4453-84e9-f9ca831825de HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Apph**h:PN ]Ɋ& !XPN: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e39918df-c79f-4453-84e9-f9ca831825de HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| h**;PN ]Ɋ&  !PN; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e39918df-c79f-4453-84e9-f9ca831825de HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fb02e2f2-9580-4de2-b066-5baecdcb6cee PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sb**<8QN ]Ɋ& !8QN< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e39918df-c79f-4453-84e9-f9ca831825de HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fb02e2f2-9580-4de2-b066-5baecdcb6cee PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ring**=8QN ]Ɋ& '!X8QN= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=40ebf698-89f8-4b1e-b9d5-e6772a19c396 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=O**>8QN ]Ɋ& ?!X8QN> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=40ebf698-89f8-4b1e-b9d5-e6772a19c396 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l**?8QN ]Ɋ& ;!X8QN? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=40ebf698-89f8-4b1e-b9d5-e6772a19c396 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**@8QN ]Ɋ& 3!X8QN@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=40ebf698-89f8-4b1e-b9d5-e6772a19c396 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==27**A8QN ]Ɋ& 3!X8QNA F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=40ebf698-89f8-4b1e-b9d5-e6772a19c396 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=li**B8QN ]Ɋ& 5!X8QNB F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=40ebf698-89f8-4b1e-b9d5-e6772a19c396 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f4**0C8QN ]Ɋ& !8QNC F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=40ebf698-89f8-4b1e-b9d5-e6772a19c396 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=d3e18ffe-7052-4348-a9b9-fc5faae201b2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@DiRN ]Ɋ& !iRND F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=40ebf698-89f8-4b1e-b9d5-e6772a19c396 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=d3e18ffe-7052-4348-a9b9-fc5faae201b2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H@**E ]Ɋ& !XE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4af2e0c4-e67a-40d6-b037-8635a62b5438 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N**F ]Ɋ& !XF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4af2e0c4-e67a-40d6-b037-8635a62b5438 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**G ]Ɋ& !XG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4af2e0c4-e67a-40d6-b037-8635a62b5438 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= M**H ]Ɋ&  !XH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4af2e0c4-e67a-40d6-b037-8635a62b5438 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm**I ]Ɋ&  !XI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4af2e0c4-e67a-40d6-b037-8635a62b5438 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=duc**J ]Ɋ&  !XJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4af2e0c4-e67a-40d6-b037-8635a62b5438 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**K ]Ɋ& ]!K F&:AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4af2e0c4-e67a-40d6-b037-8635a62b5438 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion=4.0 RunspaceId=ed27adc1-23b1-4edf-adfc-3bdf26f1ce02 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=60**L@ ]Ɋ& i!@L F&FStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4af2e0c4-e67a-40d6-b037-8635a62b5438 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion=4.0 RunspaceId=ed27adc1-23b1-4edf-adfc-3bdf26f1ce02 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er=1**Mw ]Ɋ& )!XwM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dde7b3f9-37b2-4bd7-b1cb-d0237f2af5cf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=MN**Nw ]Ɋ& A!XwN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dde7b3f9-37b2-4bd7-b1cb-d0237f2af5cf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Ow ]Ɋ& =!XwO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dde7b3f9-37b2-4bd7-b1cb-d0237f2af5cf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=an**Pw ]Ɋ& 5!XwP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dde7b3f9-37b2-4bd7-b1cb-d0237f2af5cf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**Qw ]Ɋ& 5!XwQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dde7b3f9-37b2-4bd7-b1cb-d0237f2af5cf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=gi**Rw ]Ɋ& 7!XwR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dde7b3f9-37b2-4bd7-b1cb-d0237f2af5cf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0Sw ]Ɋ& !wS F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dde7b3f9-37b2-4bd7-b1cb-d0237f2af5cf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4171f354-10a7-407b-9275-a35a78ee2bd1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t0**@Tw ]Ɋ& !wT F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dde7b3f9-37b2-4bd7-b1cb-d0237f2af5cf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4171f354-10a7-407b-9275-a35a78ee2bd1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=usS@**XUw ]Ɋ& !XwU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=127fb154-efd5-499b-8efe-19c11a6e80c5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rStX**pVw ]Ɋ& !XwV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=127fb154-efd5-499b-8efe-19c11a6e80c5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Wmp**hWw ]Ɋ& !XwW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=127fb154-efd5-499b-8efe-19c11a6e80c5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eh**`Xw ]Ɋ& !XwX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=127fb154-efd5-499b-8efe-19c11a6e80c5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h`**`Yw ]Ɋ& !XwY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=127fb154-efd5-499b-8efe-19c11a6e80c5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h`**hZw ]Ɋ& !XwZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=127fb154-efd5-499b-8efe-19c11a6e80c5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h F& ]Ɋ& Piw[ F&mmandType= ScriptName= CommandPath= CommandLine=ElfChnk[[L Ptn(Mu=VysMc&&**[w ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !w[ F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=127fb154-efd5-499b-8efe-19c11a6e80c5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4609a55c-796d-4bc6-a38c-52a8a9a5190f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**\w ]Ɋ& !w\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=127fb154-efd5-499b-8efe-19c11a6e80c5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4609a55c-796d-4bc6-a38c-52a8a9a5190f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=F**8]w ]Ɋ& !Xw] F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bbd72d5a-fcda-41c7-8a31-81b97ab4eebc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P^w ]Ɋ& !Xw^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bbd72d5a-fcda-41c7-8a31-81b97ab4eebc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=anP**P_w ]Ɋ& !Xw_ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bbd72d5a-fcda-41c7-8a31-81b97ab4eebc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-objP**H`w ]Ɋ& !Xw` F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bbd72d5a-fcda-41c7-8a31-81b97ab4eebc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s['iH**Haw ]Ɋ& !Xwa F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bbd72d5a-fcda-41c7-8a31-81b97ab4eebc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tAppH**Hbw ]Ɋ& !Xwb F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bbd72d5a-fcda-41c7-8a31-81b97ab4eebc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tedH**cw ]Ɋ& !wc F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bbd72d5a-fcda-41c7-8a31-81b97ab4eebc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8c9e3bdc-1574-40d8-8712-685b848ef2c2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**dw ]Ɋ& !wd F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bbd72d5a-fcda-41c7-8a31-81b97ab4eebc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8c9e3bdc-1574-40d8-8712-685b848ef2c2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Xew ]Ɋ& !Xwe F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e36a251c-c4b6-4b0a-8fec-38668e879027 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RX**pfw ]Ɋ& !Xwf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e36a251c-c4b6-4b0a-8fec-38668e879027 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nfo]p**hgw ]Ɋ& !Xwg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e36a251c-c4b6-4b0a-8fec-38668e879027 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lth**`hw ]Ɋ& !Xwh F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e36a251c-c4b6-4b0a-8fec-38668e879027 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= S`**`iw ]Ɋ& !Xwi F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e36a251c-c4b6-4b0a-8fec-38668e879027 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Pi`**`jw ]Ɋ& !Xwj F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e36a251c-c4b6-4b0a-8fec-38668e879027 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=D`**kw ]Ɋ& !wk F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e36a251c-c4b6-4b0a-8fec-38668e879027 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=52d8cf8c-17c2-4ff6-8a0e-551786b3789c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**l2Ow ]Ɋ& !2Owl F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e36a251c-c4b6-4b0a-8fec-38668e879027 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=52d8cf8c-17c2-4ff6-8a0e-551786b3789c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(m2Ow ]Ɋ& !X2Owm F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4d24ff66-a90b-4b16-aebc-e7a5cb9a9dac HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5(**@n2Ow ]Ɋ& !X2Own F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4d24ff66-a90b-4b16-aebc-e7a5cb9a9dac HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e@**@o2Ow ]Ɋ& !X2Owo F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4d24ff66-a90b-4b16-aebc-e7a5cb9a9dac HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=:\S@**8p2Ow ]Ɋ& !X2Owp F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4d24ff66-a90b-4b16-aebc-e7a5cb9a9dac HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3998**8q2Ow ]Ɋ& !X2Owq F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4d24ff66-a90b-4b16-aebc-e7a5cb9a9dac HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8r2Ow ]Ɋ& !X2Owr F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4d24ff66-a90b-4b16-aebc-e7a5cb9a9dac HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==48**s2Ow ]Ɋ& !2Ows F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4d24ff66-a90b-4b16-aebc-e7a5cb9a9dac HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=04f31d02-d928-4a34-8aba-94dd1c4386a4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= O**tw ]Ɋ& !wt F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4d24ff66-a90b-4b16-aebc-e7a5cb9a9dac HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=04f31d02-d928-4a34-8aba-94dd1c4386a4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ultu**Xuw ]Ɋ& !Xwu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6d3f8aea-e93c-4386-b84f-08f5585955c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6X**pvw ]Ɋ& !Xwv F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6d3f8aea-e93c-4386-b84f-08f5585955c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dp**pww ]Ɋ& !Xww F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6d3f8aea-e93c-4386-b84f-08f5585955c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Patp**hxw ]Ɋ& !Xwx F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6d3f8aea-e93c-4386-b84f-08f5585955c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hyw ]Ɋ& !Xwy F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6d3f8aea-e93c-4386-b84f-08f5585955c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hzw ]Ɋ& !Xwz F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6d3f8aea-e93c-4386-b84f-08f5585955c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**{w ]Ɋ&  !w{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6d3f8aea-e93c-4386-b84f-08f5585955c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=03b861a9-0cd3-46de-9c19-dbdbdb99e349 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=***|w ]Ɋ& !w| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6d3f8aea-e93c-4386-b84f-08f5585955c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=03b861a9-0cd3-46de-9c19-dbdbdb99e349 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=line**}w ]Ɋ& '!Xw} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0b0ccd34-ef3a-40f8-be54-4514d178a3a1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**~w ]Ɋ& ?!Xw~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0b0ccd34-ef3a-40f8-be54-4514d178a3a1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**w ]Ɋ& ;!Xw F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0b0ccd34-ef3a-40f8-be54-4514d178a3a1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==1 **w ]Ɋ& 3!Xw F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0b0ccd34-ef3a-40f8-be54-4514d178a3a1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **w ]Ɋ& 3!Xw F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0b0ccd34-ef3a-40f8-be54-4514d178a3a1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **w ]Ɋ& 5!Xw F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0b0ccd34-ef3a-40f8-be54-4514d178a3a1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yp**0w ]Ɋ& !w F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0b0ccd34-ef3a-40f8-be54-4514d178a3a1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4fd62f76-df96-4a27-953e-be19a76d25b4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e70**@w ]Ɋ& !w F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0b0ccd34-ef3a-40f8-be54-4514d178a3a1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4fd62f76-df96-4a27-953e-be19a76d25b4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me= @**x ]Ɋ& )!Xx F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cb84d766-cf98-4a59-8201-c536e6b63237 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nspa**x ]Ɋ& A!Xx F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cb84d766-cf98-4a59-8201-c536e6b63237 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me, **x ]Ɋ& =!Xx F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cb84d766-cf98-4a59-8201-c536e6b63237 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= r**x ]Ɋ& 5!Xx F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cb84d766-cf98-4a59-8201-c536e6b63237 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1a**x ]Ɋ& 5!Xx F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cb84d766-cf98-4a59-8201-c536e6b63237 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=so**x ]Ɋ& 7!Xx F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cb84d766-cf98-4a59-8201-c536e6b63237 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **0XWy ]Ɋ& !XWy F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cb84d766-cf98-4a59-8201-c536e6b63237 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8e728ea3-568f-49e2-9c10-c3710e187ce8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N0e= CommandPath= CommandLine=ElfChnkX1ѢuMu=VysMc&&**@y ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! #!y F&F%g>9{p(xlMD EventDatauoData !BinarypStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cb84d766-cf98-4a59-8201-c536e6b63237 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8e728ea3-568f-49e2-9c10-c3710e187ce8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**Xz ]Ɋ& !Xz F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=24b46f0d-4ec7-46d5-a303-3e5171397681 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bc6X**pz ]Ɋ& !Xz F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=24b46f0d-4ec7-46d5-a303-3e5171397681 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=linp**hz ]Ɋ& !Xz F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=24b46f0d-4ec7-46d5-a303-3e5171397681 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**`z ]Ɋ& !Xz F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=24b46f0d-4ec7-46d5-a303-3e5171397681 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`z ]Ɋ& !Xz F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=24b46f0d-4ec7-46d5-a303-3e5171397681 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**hz ]Ɋ& !Xz F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=24b46f0d-4ec7-46d5-a303-3e5171397681 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= h**z ]Ɋ&  !z F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=24b46f0d-4ec7-46d5-a303-3e5171397681 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=dee7215c-bb51-4849-ab6c-c5a99a4bc03e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&**z ]Ɋ& !z F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=24b46f0d-4ec7-46d5-a303-3e5171397681 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=dee7215c-bb51-4849-ab6c-c5a99a4bc03e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8z ]Ɋ& !Xz F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0da45946-776a-43cd-a56d-fcdb9102c959 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma8**Pz ]Ɋ& !Xz F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0da45946-776a-43cd-a56d-fcdb9102c959 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmP**Pz ]Ɋ& !Xz F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0da45946-776a-43cd-a56d-fcdb9102c959 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ComP**Hz ]Ɋ& !Xz F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0da45946-776a-43cd-a56d-fcdb9102c959 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= H**Hz ]Ɋ& !Xz F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0da45946-776a-43cd-a56d-fcdb9102c959 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoH**Hz ]Ɋ& !Xz F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0da45946-776a-43cd-a56d-fcdb9102c959 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmaH**z ]Ɋ& !z F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0da45946-776a-43cd-a56d-fcdb9102c959 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=251520fc-3bca-4d58-8b09-cbe7f8e3c792 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Sc**z ]Ɋ& !z F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0da45946-776a-43cd-a56d-fcdb9102c959 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=251520fc-3bca-4d58-8b09-cbe7f8e3c792 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=y**X!{ ]Ɋ& !X!{ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bfb4278e-8951-44d6-885b-0982da967802 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-551X**p!{ ]Ɋ& !X!{ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bfb4278e-8951-44d6-885b-0982da967802 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tCulp**h!{ ]Ɋ& !X!{ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bfb4278e-8951-44d6-885b-0982da967802 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=;eh**`!{ ]Ɋ& !X!{ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bfb4278e-8951-44d6-885b-0982da967802 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b-`**`!{ ]Ɋ& !X!{ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bfb4278e-8951-44d6-885b-0982da967802 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP`**`!{ ]Ɋ& !X!{ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bfb4278e-8951-44d6-885b-0982da967802 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**!{ ]Ɋ& !!{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bfb4278e-8951-44d6-885b-0982da967802 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=00594839-174a-4324-b1b1-4896c8dd288d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**!{ ]Ɋ& !!{ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bfb4278e-8951-44d6-885b-0982da967802 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=00594839-174a-4324-b1b1-4896c8dd288d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **(!{ ]Ɋ& !X!{ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=102925a6-20da-448d-b74e-06e7d9e22e11 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=R(**@!{ ]Ɋ& !X!{ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=102925a6-20da-448d-b74e-06e7d9e22e11 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e@**@!{ ]Ɋ& !X!{ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=102925a6-20da-448d-b74e-06e7d9e22e11 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n, @**8!{ ]Ɋ& !X!{ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=102925a6-20da-448d-b74e-06e7d9e22e11 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=TWA8**8!{ ]Ɋ& !X!{ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=102925a6-20da-448d-b74e-06e7d9e22e11 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er=8**8!{ ]Ɋ& !X!{ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=102925a6-20da-448d-b74e-06e7d9e22e11 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**!{ ]Ɋ& !!{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=102925a6-20da-448d-b74e-06e7d9e22e11 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=e472164d-8974-4a73-8608-3fcf2091cbd1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **HR| ]Ɋ& !HR| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=102925a6-20da-448d-b74e-06e7d9e22e11 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=e472164d-8974-4a73-8608-3fcf2091cbd1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ture**Xu} ]Ɋ& !Xu} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a489c5b9-634b-4dba-b319-fa7b7c0d6d04 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=GX**pu} ]Ɋ& !Xu} F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a489c5b9-634b-4dba-b319-fa7b7c0d6d04 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cp**pu} ]Ɋ& !Xu} F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a489c5b9-634b-4dba-b319-fa7b7c0d6d04 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, p**hu} ]Ɋ& !Xu} F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a489c5b9-634b-4dba-b319-fa7b7c0d6d04 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=en-h**hu} ]Ɋ& !Xu} F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a489c5b9-634b-4dba-b319-fa7b7c0d6d04 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Deh**hu} ]Ɋ& !Xu} F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a489c5b9-634b-4dba-b319-fa7b7c0d6d04 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=amh**u} ]Ɋ&  !u} F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a489c5b9-634b-4dba-b319-fa7b7c0d6d04 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=032c19ef-872e-4153-98b6-c174fc070ce4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** ~ ]Ɋ& ! ~ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a489c5b9-634b-4dba-b319-fa7b7c0d6d04 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=032c19ef-872e-4153-98b6-c174fc070ce4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tate**~ ]Ɋ& '!X~ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=10086d6e-5ad0-4c71-8b75-1f97ce09542c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**~ ]Ɋ& ?!X~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=10086d6e-5ad0-4c71-8b75-1f97ce09542c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**~ ]Ɋ& ;!X~ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=10086d6e-5ad0-4c71-8b75-1f97ce09542c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**~ ]Ɋ& 3!X~ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=10086d6e-5ad0-4c71-8b75-1f97ce09542c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Pro**~ ]Ɋ& 3!X~ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=10086d6e-5ad0-4c71-8b75-1f97ce09542c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**~ ]Ɋ& 5!X~ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=10086d6e-5ad0-4c71-8b75-1f97ce09542c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l **0~ ]Ɋ& !~ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=10086d6e-5ad0-4c71-8b75-1f97ce09542c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=7e686d54-2ff6-4099-863d-79306b9e2a27 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=va0able Previ ]Ɋ& os9M F&on=4.0 HostId=cb84d766-cf98-4a59-8201-c536e6b63237 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8e728ea3-568f-49e2-9c10-c3710e187ce8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N0e= CommandPath= CommandLine=ElfChnkp5GMu=VysMc&&**@ 9M ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !!9M F&F%g>9{p(xlMD EventDatauoData !BinarynStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=10086d6e-5ad0-4c71-8b75-1f97ce09542c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=7e686d54-2ff6-4099-863d-79306b9e2a27 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-@ **,V?! ]Ɋ& )!X,V?! F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3899a4b9-49f7-444e-bc59-cbfa01354e34 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=3 **,V?! ]Ɋ& A!X,V?! F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3899a4b9-49f7-444e-bc59-cbfa01354e34 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erNa**,V?! ]Ɋ& =!X,V?! F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3899a4b9-49f7-444e-bc59-cbfa01354e34 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**,V?! ]Ɋ& 5!X,V?! F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3899a4b9-49f7-444e-bc59-cbfa01354e34 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **,V?! ]Ɋ& 5!X,V?! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3899a4b9-49f7-444e-bc59-cbfa01354e34 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=**,V?! ]Ɋ& 7!X,V?! F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3899a4b9-49f7-444e-bc59-cbfa01354e34 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **0,V?! ]Ɋ& !,V?! F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3899a4b9-49f7-444e-bc59-cbfa01354e34 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1e06b7b9-2447-4245-a016-5aafea978193 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d0**@^W?! ]Ɋ& !^W?! F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3899a4b9-49f7-444e-bc59-cbfa01354e34 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1e06b7b9-2447-4245-a016-5aafea978193 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ot/@**X^W?! ]Ɋ& !X^W?! F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8afabe3d-1fa8-4add-bd8f-776344aeb38a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=werX**p^W?! ]Ɋ& !X^W?! F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8afabe3d-1fa8-4add-bd8f-776344aeb38a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompp**h^W?! ]Ɋ& !X^W?! F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8afabe3d-1fa8-4add-bd8f-776344aeb38a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fh**`^W?! ]Ɋ& !X^W?! F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8afabe3d-1fa8-4add-bd8f-776344aeb38a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=E`**`^W?! ]Ɋ& !X^W?! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8afabe3d-1fa8-4add-bd8f-776344aeb38a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i`**h^W?! ]Ɋ& !X^W?! F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8afabe3d-1fa8-4add-bd8f-776344aeb38a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ureLh**^W?! ]Ɋ&  !^W?! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8afabe3d-1fa8-4add-bd8f-776344aeb38a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2718ee48-d69a-47c0-841a-753a4b82476f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=535 **^W?! ]Ɋ& !^W?! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8afabe3d-1fa8-4add-bd8f-776344aeb38a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2718ee48-d69a-47c0-841a-753a4b82476f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io**8iY?! ]Ɋ& !XiY?! F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7b2d5d25-96a2-485e-90d9-ef65d55df5c8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yp8**PiY?! ]Ɋ& !XiY?! F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7b2d5d25-96a2-485e-90d9-ef65d55df5c8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNP**PiY?! ]Ɋ& !XiY?! F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7b2d5d25-96a2-485e-90d9-ef65d55df5c8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=EncrP**HiY?! ]Ɋ& !XiY?! F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7b2d5d25-96a2-485e-90d9-ef65d55df5c8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rosoH**HiY?! ]Ɋ& !XiY?! F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7b2d5d25-96a2-485e-90d9-ef65d55df5c8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=secuH**HiY?! ]Ɋ& !XiY?! F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7b2d5d25-96a2-485e-90d9-ef65d55df5c8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RoH**iY?! ]Ɋ& !iY?! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7b2d5d25-96a2-485e-90d9-ef65d55df5c8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7ba30705-657e-4650-80a5-05ed8dfd586d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oft**iY?! ]Ɋ& !iY?! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7b2d5d25-96a2-485e-90d9-ef65d55df5c8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7ba30705-657e-4650-80a5-05ed8dfd586d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**XiY?! ]Ɋ& !XiY?! F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=72b6a45b-d802-4dc5-a5de-bb14a44c9176 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l SeX**piY?! ]Ɋ& !XiY?! F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=72b6a45b-d802-4dc5-a5de-bb14a44c9176 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Conp**hiY?! ]Ɋ& !XiY?! F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=72b6a45b-d802-4dc5-a5de-bb14a44c9176 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fih**`iY?! ]Ɋ& !XiY?! F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=72b6a45b-d802-4dc5-a5de-bb14a44c9176 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nd`**`iY?! ]Ɋ& !XiY?! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=72b6a45b-d802-4dc5-a5de-bb14a44c9176 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng`**`iY?! ]Ɋ& !XiY?! F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=72b6a45b-d802-4dc5-a5de-bb14a44c9176 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b`**iY?! ]Ɋ& !iY?! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=72b6a45b-d802-4dc5-a5de-bb14a44c9176 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0af057d9-8741-417e-998f-7dcf2de269ed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=T**YZ?! ]Ɋ& !YZ?! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=72b6a45b-d802-4dc5-a5de-bb14a44c9176 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0af057d9-8741-417e-998f-7dcf2de269ed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Cu**(YZ?! ]Ɋ& !XYZ?! F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f1bfd540-504a-4e06-bbee-787779ffedce HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d(**@YZ?! ]Ɋ& !XYZ?! F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f1bfd540-504a-4e06-bbee-787779ffedce HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4@**@YZ?! ]Ɋ& !XYZ?! F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f1bfd540-504a-4e06-bbee-787779ffedce HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**8YZ?! ]Ɋ& !XYZ?! F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f1bfd540-504a-4e06-bbee-787779ffedce HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**8YZ?! ]Ɋ& !XYZ?! F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f1bfd540-504a-4e06-bbee-787779ffedce HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, 8**8YZ?! ]Ɋ& !XYZ?! F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f1bfd540-504a-4e06-bbee-787779ffedce HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ur8**YZ?! ]Ɋ& !YZ?! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f1bfd540-504a-4e06-bbee-787779ffedce HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=3f4c9986-7132-4d5d-8d6b-874505bcd773 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= g**Z?! ]Ɋ& !Z?! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f1bfd540-504a-4e06-bbee-787779ffedce HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=3f4c9986-7132-4d5d-8d6b-874505bcd773 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVe**X_?! ]Ɋ& !X_?! F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3244c838-bbe8-408b-aa6c-1dd305373c30 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**p_?! ]Ɋ& !X_?! F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3244c838-bbe8-408b-aa6c-1dd305373c30 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**p_?! ]Ɋ& !X_?! F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3244c838-bbe8-408b-aa6c-1dd305373c30 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=as p**h_?! ]Ɋ& !X_?! F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3244c838-bbe8-408b-aa6c-1dd305373c30 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Conh**h_?! ]Ɋ& !X_?! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3244c838-bbe8-408b-aa6c-1dd305373c30 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7ceh**h_?! ]Ɋ& !X_?! F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3244c838-bbe8-408b-aa6c-1dd305373c30 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Ch**_?! ]Ɋ&  !_?! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3244c838-bbe8-408b-aa6c-1dd305373c30 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d93439a8-70d9-49a4-9102-5370f0e7b57b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=im**J_?! ]Ɋ& !J_?! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3244c838-bbe8-408b-aa6c-1dd305373c30 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d93439a8-70d9-49a4-9102-5370f0e7b57b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S'))**J_?! ]Ɋ& '!XJ_?! F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d369f531-7efe-4600-b794-c65756dde094 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(n-US')))}} | ]Ɋ& dOXJ_?! F&=4.0 RunspaceId=7e686d54-2ff6-4099-863d-79306b9e2a27 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=va0able Previ ]Ɋ& os9M F&on=4.0 HostId=cb84d766-cf98-4a59-8201-c536e6b63237 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8e728ea3-568f-49e2-9c10-c3710e187ce8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N0e= CommandPath= CommandLine=ElfChnk 0RTLCMu=VysMc&&** J_?! ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !XJ_?! F&F%g>9{p(xlMD EventDatauoData !BinaryEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d369f531-7efe-4600-b794-c65756dde094 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pt **J_?! ]Ɋ& ;!XJ_?! F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d369f531-7efe-4600-b794-c65756dde094 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stV**J_?! ]Ɋ& 3!XJ_?! F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d369f531-7efe-4600-b794-c65756dde094 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mma**J_?! ]Ɋ& 3!XJ_?! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d369f531-7efe-4600-b794-c65756dde094 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.0**J_?! ]Ɋ& 5!XJ_?! F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d369f531-7efe-4600-b794-c65756dde094 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma**0J_?! ]Ɋ& !J_?! F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d369f531-7efe-4600-b794-c65756dde094 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a13a792e-dbf9-45d4-8be9-d326d077b836 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI0**@w`?! ]Ɋ& !w`?! F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d369f531-7efe-4600-b794-c65756dde094 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a13a792e-dbf9-45d4-8be9-d326d077b836 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand@**" ]Ɋ& )!X" F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f2cde84a-1101-4021-a2da-5b35c94aad10 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**" ]Ɋ& A!X" F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f2cde84a-1101-4021-a2da-5b35c94aad10 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ntiv**" ]Ɋ& =!X" F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f2cde84a-1101-4021-a2da-5b35c94aad10 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-**" ]Ɋ& 5!X" F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f2cde84a-1101-4021-a2da-5b35c94aad10 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=be**" ]Ɋ& 5!X" F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f2cde84a-1101-4021-a2da-5b35c94aad10 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um**" ]Ɋ& 7!X" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f2cde84a-1101-4021-a2da-5b35c94aad10 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0" ]Ɋ& !" F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f2cde84a-1101-4021-a2da-5b35c94aad10 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ae73fcf2-4fde-447b-bfee-dba63c449ed1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@2" ]Ɋ& !2" F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f2cde84a-1101-4021-a2da-5b35c94aad10 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ae73fcf2-4fde-447b-bfee-dba63c449ed1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= @**X" ]Ɋ& !X" F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=14187541-1c79-4122-a430-68131b28df1b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==X**p" ]Ɋ& !X" F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=14187541-1c79-4122-a430-68131b28df1b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iYp**h" ]Ɋ& !X" F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=14187541-1c79-4122-a430-68131b28df1b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`" ]Ɋ& !X" F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=14187541-1c79-4122-a430-68131b28df1b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`" ]Ɋ& !X" F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=14187541-1c79-4122-a430-68131b28df1b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h" ]Ɋ& !X" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=14187541-1c79-4122-a430-68131b28df1b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!h**" ]Ɋ&  !" F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=14187541-1c79-4122-a430-68131b28df1b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0043f964-8de0-46f8-9b34-583f73dd3a00 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ڸ**" ]Ɋ& !" F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=14187541-1c79-4122-a430-68131b28df1b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0043f964-8de0-46f8-9b34-583f73dd3a00 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8" ]Ɋ& !X" F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6a3ff7a2-5785-4ba6-a9e8-2e26064e9038 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P" ]Ɋ& !X" F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6a3ff7a2-5785-4ba6-a9e8-2e26064e9038 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P" ]Ɋ& !X" F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6a3ff7a2-5785-4ba6-a9e8-2e26064e9038 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**H" ]Ɋ& !X" F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6a3ff7a2-5785-4ba6-a9e8-2e26064e9038 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H " ]Ɋ& !X"  F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6a3ff7a2-5785-4ba6-a9e8-2e26064e9038 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H " ]Ɋ& !X"  F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6a3ff7a2-5785-4ba6-a9e8-2e26064e9038 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H** " ]Ɋ& !"  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6a3ff7a2-5785-4ba6-a9e8-2e26064e9038 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b6fc0b7b-9afe-4810-9795-e84cec9c3ff3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**** c" ]Ɋ& !c"  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6a3ff7a2-5785-4ba6-a9e8-2e26064e9038 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b6fc0b7b-9afe-4810-9795-e84cec9c3ff3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**X c" ]Ɋ& !Xc"  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=929d0da9-1a11-4b44-8698-49b248cf1c60 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nginX**pc" ]Ɋ& !Xc" F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=929d0da9-1a11-4b44-8698-49b248cf1c60 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izatp**hc" ]Ɋ& !Xc" F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=929d0da9-1a11-4b44-8698-49b248cf1c60 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leh**`c" ]Ɋ& !Xc" F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=929d0da9-1a11-4b44-8698-49b248cf1c60 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H`**`c" ]Ɋ& !Xc" F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=929d0da9-1a11-4b44-8698-49b248cf1c60 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er`**`c" ]Ɋ& !Xc" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=929d0da9-1a11-4b44-8698-49b248cf1c60 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**c" ]Ɋ& !c" F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=929d0da9-1a11-4b44-8698-49b248cf1c60 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=41ab4b99-ecb4-4357-8f6e-272311aa2020 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**c" ]Ɋ& !c" F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=929d0da9-1a11-4b44-8698-49b248cf1c60 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=41ab4b99-ecb4-4357-8f6e-272311aa2020 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ver**(F" ]Ɋ& !XF" F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0f4a03ff-78b7-4609-a47d-69f3f3182b92 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(**@F" ]Ɋ& !XF" F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0f4a03ff-78b7-4609-a47d-69f3f3182b92 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l@**@F" ]Ɋ& !XF" F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0f4a03ff-78b7-4609-a47d-69f3f3182b92 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= en@**8F" ]Ɋ& !XF" F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0f4a03ff-78b7-4609-a47d-69f3f3182b92 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ted8**8F" ]Ɋ& !XF" F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0f4a03ff-78b7-4609-a47d-69f3f3182b92 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=_8**8F" ]Ɋ& !XF" F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0f4a03ff-78b7-4609-a47d-69f3f3182b92 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in8**F" ]Ɋ& !F" F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0f4a03ff-78b7-4609-a47d-69f3f3182b92 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=78d9ba32-c50b-4547-b0f2-b8c8cc00f183 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='i**ܔ" ]Ɋ& !ܔ" F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0f4a03ff-78b7-4609-a47d-69f3f3182b92 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=78d9ba32-c50b-4547-b0f2-b8c8cc00f183 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= | f**X " ]Ɋ& !X " F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a2ee9337-1163-4695-b59f-3973a9c8abf7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**p " ]Ɋ& !X " F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a2ee9337-1163-4695-b59f-3973a9c8abf7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=op**p " ]Ɋ& !X " F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a2ee9337-1163-4695-b59f-3973a9c8abf7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e,Dp**h " ]Ɋ& !X "  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a2ee9337-1163-4695-b59f-3973a9c8abf7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nabhd | Out-Stri ]Ɋ& d=X "! F&e187ce8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N0e= CommandPath= CommandLine=ElfChnk!S!Sd[bAMu=VysMc&&**h ! " ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! K!X "! F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a2ee9337-1163-4695-b59f-3973a9c8abf7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h **h" " ]Ɋ& !X "" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a2ee9337-1163-4695-b59f-3973a9c8abf7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh**# " ]Ɋ&  ! "# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a2ee9337-1163-4695-b59f-3973a9c8abf7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6ed39405-58ec-4016-a89f-545421c11b9b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**$^" ]Ɋ& !^"$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a2ee9337-1163-4695-b59f-3973a9c8abf7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6ed39405-58ec-4016-a89f-545421c11b9b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**%6" ]Ɋ& '!X6"% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6d980787-3bd9-4708-8b5b-722c2b7cec5c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**&6" ]Ɋ& ?!X6"& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6d980787-3bd9-4708-8b5b-722c2b7cec5c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=w**'6" ]Ɋ& ;!X6"' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6d980787-3bd9-4708-8b5b-722c2b7cec5c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b35**(6" ]Ɋ& 3!X6"( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6d980787-3bd9-4708-8b5b-722c2b7cec5c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**)6" ]Ɋ& 3!X6") F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6d980787-3bd9-4708-8b5b-722c2b7cec5c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5c9***6" ]Ɋ& 5!X6"* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6d980787-3bd9-4708-8b5b-722c2b7cec5c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0+6" ]Ɋ& !6"+ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6d980787-3bd9-4708-8b5b-722c2b7cec5c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=d05b8a77-4e12-4c82-bd55-cf8fa1be5a29 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ro0**@,͏" ]Ɋ& !͏", F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6d980787-3bd9-4708-8b5b-722c2b7cec5c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=d05b8a77-4e12-4c82-bd55-cf8fa1be5a29 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**-gi$ ]Ɋ& )!Xgi$- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c6e89f98-752e-4aae-9ac0-83217a133769 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= **.gi$ ]Ɋ& A!Xgi$. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c6e89f98-752e-4aae-9ac0-83217a133769 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=line**/gi$ ]Ɋ& =!Xgi$/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c6e89f98-752e-4aae-9ac0-83217a133769 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= |**0gi$ ]Ɋ& 5!Xgi$0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c6e89f98-752e-4aae-9ac0-83217a133769 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt**1gi$ ]Ɋ& 5!Xgi$1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c6e89f98-752e-4aae-9ac0-83217a133769 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**2gi$ ]Ɋ& 7!Xgi$2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c6e89f98-752e-4aae-9ac0-83217a133769 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**03gi$ ]Ɋ& !gi$3 F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c6e89f98-752e-4aae-9ac0-83217a133769 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e1e798c4-d074-451e-b080-2cd36dcc29a6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@4$ ii$ ]Ɋ& !$ ii$4 F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c6e89f98-752e-4aae-9ac0-83217a133769 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e1e798c4-d074-451e-b080-2cd36dcc29a6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te=@**X5$ ii$ ]Ɋ& !X$ ii$5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cfa89a7f-d020-4b23-b41c-4dc0149da689 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p6$ ii$ ]Ɋ& !X$ ii$6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cfa89a7f-d020-4b23-b41c-4dc0149da689 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=menp**h7$ ii$ ]Ɋ& !X$ ii$7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cfa89a7f-d020-4b23-b41c-4dc0149da689 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rh**`8$ ii$ ]Ɋ& !X$ ii$8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cfa89a7f-d020-4b23-b41c-4dc0149da689 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e`**`9$ ii$ ]Ɋ& !X$ ii$9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cfa89a7f-d020-4b23-b41c-4dc0149da689 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**h:$ ii$ ]Ɋ& !X$ ii$: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cfa89a7f-d020-4b23-b41c-4dc0149da689 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateh**;$ ii$ ]Ɋ&  !$ ii$; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cfa89a7f-d020-4b23-b41c-4dc0149da689 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f7b479ae-b92c-4559-865c-17a230318f61 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**<ii$ ]Ɋ& !ii$< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cfa89a7f-d020-4b23-b41c-4dc0149da689 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f7b479ae-b92c-4559-865c-17a230318f61 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**8=ii$ ]Ɋ& !Xii$= F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=60a40ba9-5af3-4679-9d07-5674f644ce44 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 8**P>ii$ ]Ɋ& !Xii$> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=60a40ba9-5af3-4679-9d07-5674f644ce44 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SP**P?ii$ ]Ɋ& !Xii$? F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=60a40ba9-5af3-4679-9d07-5674f644ce44 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateP**H@ii$ ]Ɋ& !Xii$@ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=60a40ba9-5af3-4679-9d07-5674f644ce44 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPH**HAii$ ]Ɋ& !Xii$A F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=60a40ba9-5af3-4679-9d07-5674f644ce44 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==RegH**HBii$ ]Ɋ& !Xii$B F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=60a40ba9-5af3-4679-9d07-5674f644ce44 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovH**Cii$ ]Ɋ& !ii$C F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=60a40ba9-5af3-4679-9d07-5674f644ce44 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=59dc80be-380d-48bf-a69c-e258a7681623 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iou**Dii$ ]Ɋ& !ii$D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=60a40ba9-5af3-4679-9d07-5674f644ce44 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=59dc80be-380d-48bf-a69c-e258a7681623 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **XEii$ ]Ɋ& !Xii$E F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3e594fd1-70a1-4dcd-9fdd-e45699fadaff HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FX**pFii$ ]Ɋ& !Xii$F F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3e594fd1-70a1-4dcd-9fdd-e45699fadaff HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ne=p**hGii$ ]Ɋ& !Xii$G F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3e594fd1-70a1-4dcd-9fdd-e45699fadaff HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh**`Hii$ ]Ɋ& !Xii$H F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3e594fd1-70a1-4dcd-9fdd-e45699fadaff HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iz`**`Iii$ ]Ɋ& !Xii$I F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3e594fd1-70a1-4dcd-9fdd-e45699fadaff HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| `**`Jii$ ]Ɋ& !Xii$J F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3e594fd1-70a1-4dcd-9fdd-e45699fadaff HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0`**Kii$ ]Ɋ& !ii$K F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3e594fd1-70a1-4dcd-9fdd-e45699fadaff HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e312706d-de0f-4403-af70-51e8e10de698 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**LQ;ji$ ]Ɋ& !Q;ji$L F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3e594fd1-70a1-4dcd-9fdd-e45699fadaff HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e312706d-de0f-4403-af70-51e8e10de698 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**(MQ;ji$ ]Ɋ& !XQ;ji$M F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c1333bab-668a-44ab-92ae-0a4be14567ec HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@NQ;ji$ ]Ɋ& !XQ;ji$N F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c1333bab-668a-44ab-92ae-0a4be14567ec HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@OQ;ji$ ]Ɋ& !XQ;ji$O F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c1333bab-668a-44ab-92ae-0a4be14567ec HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wid@**8PQ;ji$ ]Ɋ& !XQ;ji$P F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c1333bab-668a-44ab-92ae-0a4be14567ec HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[Da8**8QQ;ji$ ]Ɋ& !XQ;ji$Q F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c1333bab-668a-44ab-92ae-0a4be14567ec HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\Un8**8RQ;ji$ ]Ɋ& !XQ;ji$R F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c1333bab-668a-44ab-92ae-0a4be14567ec HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on8**SQ;ji$ ]Ɋ& !Q;ji$S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c1333bab-668a-44ab-92ae-0a4be14567ec HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ced85dbc-e602-4d76-ac3c-f0c399a26271 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id CommandNam ]Ɋ&  ji$T F&ndPath= CommandLine=ElfChnkTTp Mu=VysMc&&** Tji$ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! y!ji$T F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c1333bab-668a-44ab-92ae-0a4be14567ec HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ced85dbc-e602-4d76-ac3c-f0c399a26271 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **XUli$ ]Ɋ& !Xli$U F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5cff7cf7-4cb6-4d16-bc7a-cdb014460e6e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sX**pVli$ ]Ɋ& !Xli$V F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5cff7cf7-4cb6-4d16-bc7a-cdb014460e6e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=np**pWli$ ]Ɋ& !Xli$W F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5cff7cf7-4cb6-4d16-bc7a-cdb014460e6e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izep**hXli$ ]Ɋ& !Xli$X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5cff7cf7-4cb6-4d16-bc7a-cdb014460e6e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ginh**hYli$ ]Ɋ& !Xli$Y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5cff7cf7-4cb6-4d16-bc7a-cdb014460e6e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dTyh**hZli$ ]Ɋ& !Xli$Z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5cff7cf7-4cb6-4d16-bc7a-cdb014460e6e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6h**[li$ ]Ɋ&  !li$[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5cff7cf7-4cb6-4d16-bc7a-cdb014460e6e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c7f331ec-176d-424a-b6f9-a5b44734ba9e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ov**\li$ ]Ɋ& !li$\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5cff7cf7-4cb6-4d16-bc7a-cdb014460e6e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c7f331ec-176d-424a-b6f9-a5b44734ba9e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**]B6mi$ ]Ɋ& '!XB6mi$] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=811265cc-cbfd-4050-b9a7-d487ef3c42a4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4**^B6mi$ ]Ɋ& ?!XB6mi$^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=811265cc-cbfd-4050-b9a7-d487ef3c42a4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1**_B6mi$ ]Ɋ& ;!XB6mi$_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=811265cc-cbfd-4050-b9a7-d487ef3c42a4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sta**`B6mi$ ]Ɋ& 3!XB6mi$` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=811265cc-cbfd-4050-b9a7-d487ef3c42a4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id=**aB6mi$ ]Ɋ& 3!XB6mi$a F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=811265cc-cbfd-4050-b9a7-d487ef3c42a4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ate**bB6mi$ ]Ɋ& 5!XB6mi$b F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=811265cc-cbfd-4050-b9a7-d487ef3c42a4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in**0cB6mi$ ]Ɋ& !B6mi$c F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=811265cc-cbfd-4050-b9a7-d487ef3c42a4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a5ce03f1-adc8-42ef-8e7c-2a537cbcdf89 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=st0**@dmi$ ]Ɋ& !mi$d F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=811265cc-cbfd-4050-b9a7-d487ef3c42a4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a5ce03f1-adc8-42ef-8e7c-2a537cbcdf89 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNam@**e#9& ]Ɋ& )!X#9&e F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=32f81916-de5d-4d5b-a8f9-2011b7e8ae2c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**f#9& ]Ɋ& A!X#9&f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=32f81916-de5d-4d5b-a8f9-2011b7e8ae2c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ant**g#9& ]Ɋ& =!X#9&g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=32f81916-de5d-4d5b-a8f9-2011b7e8ae2c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**h#9& ]Ɋ& 5!X#9&h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=32f81916-de5d-4d5b-a8f9-2011b7e8ae2c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI**i#9& ]Ɋ& 5!X#9&i F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=32f81916-de5d-4d5b-a8f9-2011b7e8ae2c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eq**j#9& ]Ɋ& 7!X#9&j F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=32f81916-de5d-4d5b-a8f9-2011b7e8ae2c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**0k#9& ]Ɋ& !#9&k F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=32f81916-de5d-4d5b-a8f9-2011b7e8ae2c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=78c4208c-9251-493f-9fb2-56dc1313ade9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@lP:& ]Ɋ& !P:&l F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=32f81916-de5d-4d5b-a8f9-2011b7e8ae2c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=78c4208c-9251-493f-9fb2-56dc1313ade9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&@**XmP:& ]Ɋ& !XP:&m F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4380bcd0-5128-41c9-9837-5bbf1bd95bb4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CX**pnP:& ]Ɋ& !XP:&n F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4380bcd0-5128-41c9-9837-5bbf1bd95bb4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==p**hoP:& ]Ɋ& !XP:&o F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4380bcd0-5128-41c9-9837-5bbf1bd95bb4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`pP:& ]Ɋ& !XP:&p F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4380bcd0-5128-41c9-9837-5bbf1bd95bb4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`qP:& ]Ɋ& !XP:&q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4380bcd0-5128-41c9-9837-5bbf1bd95bb4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hrP:& ]Ɋ& !XP:&r F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4380bcd0-5128-41c9-9837-5bbf1bd95bb4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**sP:& ]Ɋ&  !P:&s F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4380bcd0-5128-41c9-9837-5bbf1bd95bb4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e262cc4e-6d51-4570-a829-211439df01bb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**tn;& ]Ɋ& !n;&t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4380bcd0-5128-41c9-9837-5bbf1bd95bb4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e262cc4e-6d51-4570-a829-211439df01bb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ew**8un;& ]Ɋ& !Xn;&u F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fdb1fdff-0441-483d-8950-604ae56bdafe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**Pvn;& ]Ɋ& !Xn;&v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fdb1fdff-0441-483d-8950-604ae56bdafe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Pwn;& ]Ɋ& !Xn;&w F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fdb1fdff-0441-483d-8950-604ae56bdafe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Hxn;& ]Ɋ& !Xn;&x F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fdb1fdff-0441-483d-8950-604ae56bdafe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Hyn;& ]Ɋ& !Xn;&y F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fdb1fdff-0441-483d-8950-604ae56bdafe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&H**Hzn;& ]Ɋ& !Xn;&z F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fdb1fdff-0441-483d-8950-604ae56bdafe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=JH**{n;& ]Ɋ& !n;&{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fdb1fdff-0441-483d-8950-604ae56bdafe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=98764d34-a4f7-471f-ae35-def91f1dad35 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**|}<& ]Ɋ& !}<&| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fdb1fdff-0441-483d-8950-604ae56bdafe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=98764d34-a4f7-471f-ae35-def91f1dad35 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X}}<& ]Ɋ& !X}<&} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ae865917-d77b-468f-b25a-905dd63105cc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dPatX**p~}<& ]Ɋ& !X}<&~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ae865917-d77b-468f-b25a-905dd63105cc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nginp**h}<& ]Ɋ& !X}<& F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ae865917-d77b-468f-b25a-905dd63105cc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=alh**`}<& ]Ɋ& !X}<& F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ae865917-d77b-468f-b25a-905dd63105cc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fi`**`}<& ]Ɋ& !X}<& F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ae865917-d77b-468f-b25a-905dd63105cc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on`**`}<& ]Ɋ& !X}<& F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ae865917-d77b-468f-b25a-905dd63105cc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**}<& ]Ɋ& !}<& F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ae865917-d77b-468f-b25a-905dd63105cc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a14fc828-0149-4c32-b61a-604fda05293c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**}<& ]Ɋ& !}<& F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ae865917-d77b-468f-b25a-905dd63105cc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a14fc828-0149-4c32-b61a-604fda05293c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=man**(<& ]Ɋ& !X<& F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d0e519ae-a4a6-4352-bd87-6b3a687e3dc8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(andType= S ]Ɋ&  X<& F&  ji$T F&ndPath= CommandLine=ElfChnk0X&afMu=VysMc&&**H <& ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! '!X<& F&F%g>9{p(xlMD EventDatauoData !BinarytEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d0e519ae-a4a6-4352-bd87-6b3a687e3dc8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptH **@<& ]Ɋ& !X<& F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d0e519ae-a4a6-4352-bd87-6b3a687e3dc8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eIn@**8<& ]Ɋ& !X<& F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d0e519ae-a4a6-4352-bd87-6b3a687e3dc8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=isp8**8<& ]Ɋ& !X<& F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d0e519ae-a4a6-4352-bd87-6b3a687e3dc8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HK8**8<& ]Ɋ& !X<& F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d0e519ae-a4a6-4352-bd87-6b3a687e3dc8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nc8**<& ]Ɋ& !<& F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d0e519ae-a4a6-4352-bd87-6b3a687e3dc8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=08c4f3e9-40c7-4cce-8114-fd2b209250c0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8=& ]Ɋ& !8=& F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d0e519ae-a4a6-4352-bd87-6b3a687e3dc8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=08c4f3e9-40c7-4cce-8114-fd2b209250c0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNa**X?& ]Ɋ& !X?& F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b8d7fcd9-8a46-4bec-ab0b-c5368731a201 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p?& ]Ɋ& !X?& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b8d7fcd9-8a46-4bec-ab0b-c5368731a201 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=np**p?& ]Ɋ& !X?& F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b8d7fcd9-8a46-4bec-ab0b-c5368731a201 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7f3p**h?& ]Ɋ& !X?& F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b8d7fcd9-8a46-4bec-ab0b-c5368731a201 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dTyh**h?& ]Ɋ& !X?& F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b8d7fcd9-8a46-4bec-ab0b-c5368731a201 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=B6mh**h?& ]Ɋ& !X?& F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b8d7fcd9-8a46-4bec-ab0b-c5368731a201 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**?& ]Ɋ&  !?& F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b8d7fcd9-8a46-4bec-ab0b-c5368731a201 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c85114d6-7d0d-4c31-9ba2-65b0e67c3d08 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=**3@& ]Ɋ& !3@& F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b8d7fcd9-8a46-4bec-ab0b-c5368731a201 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c85114d6-7d0d-4c31-9ba2-65b0e67c3d08 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wers**1@& ]Ɋ& '!X1@& F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6e80b088-e55b-4601-8c97-f5d7e2df453d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**1@& ]Ɋ& ?!X1@& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6e80b088-e55b-4601-8c97-f5d7e2df453d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c**1@& ]Ɋ& ;!X1@& F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6e80b088-e55b-4601-8c97-f5d7e2df453d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stV**1@& ]Ɋ& 3!X1@& F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6e80b088-e55b-4601-8c97-f5d7e2df453d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Com**1@& ]Ɋ& 3!X1@& F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6e80b088-e55b-4601-8c97-f5d7e2df453d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ver**1@& ]Ɋ& 5!X1@& F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6e80b088-e55b-4601-8c97-f5d7e2df453d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **01@& ]Ɋ& !1@& F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6e80b088-e55b-4601-8c97-f5d7e2df453d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=7c24804e-c147-4dc9-b374-04b93e22b326 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2c0**@dA& ]Ɋ& !dA& F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6e80b088-e55b-4601-8c97-f5d7e2df453d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=7c24804e-c147-4dc9-b374-04b93e22b326 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==@**=,) ]Ɋ& )!X=,) F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=49945655-cf28-4003-9afe-d8fb443d3c46 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNam**=,) ]Ɋ& A!X=,) F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=49945655-cf28-4003-9afe-d8fb443d3c46 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**=,) ]Ɋ& =!X=,) F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=49945655-cf28-4003-9afe-d8fb443d3c46 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= A**=,) ]Ɋ& 5!X=,) F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=49945655-cf28-4003-9afe-d8fb443d3c46 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**=,) ]Ɋ& 5!X=,) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=49945655-cf28-4003-9afe-d8fb443d3c46 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI**=,) ]Ɋ& 7!X=,) F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=49945655-cf28-4003-9afe-d8fb443d3c46 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=q**0=,) ]Ɋ& !=,) F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=49945655-cf28-4003-9afe-d8fb443d3c46 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e150e075-07f0-4e00-a463-866d9dc5b02f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@j-) ]Ɋ& !j-) F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=49945655-cf28-4003-9afe-d8fb443d3c46 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e150e075-07f0-4e00-a463-866d9dc5b02f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**Xj-) ]Ɋ& !Xj-) F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=21f1958b-5e87-4f33-97c6-b76496a52305 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pj-) ]Ɋ& !Xj-) F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=21f1958b-5e87-4f33-97c6-b76496a52305 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hj-) ]Ɋ& !Xj-) F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=21f1958b-5e87-4f33-97c6-b76496a52305 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`j-) ]Ɋ& !Xj-) F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=21f1958b-5e87-4f33-97c6-b76496a52305 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`j-) ]Ɋ& !Xj-) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=21f1958b-5e87-4f33-97c6-b76496a52305 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hj-) ]Ɋ& !Xj-) F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=21f1958b-5e87-4f33-97c6-b76496a52305 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leSh**j-) ]Ɋ&  !j-) F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=21f1958b-5e87-4f33-97c6-b76496a52305 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=15122e06-444f-4397-a7db-7a0742c5f58a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Non**j-) ]Ɋ& !j-) F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=21f1958b-5e87-4f33-97c6-b76496a52305 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=15122e06-444f-4397-a7db-7a0742c5f58a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**8.) ]Ɋ& !X.) F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cd4b30e5-cdbe-4c37-b587-0e439bca51ca HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s 8**P.) ]Ɋ& !X.) F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cd4b30e5-cdbe-4c37-b587-0e439bca51ca HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rNP**P.) ]Ɋ& !X.) F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cd4b30e5-cdbe-4c37-b587-0e439bca51ca HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=StaP**H.) ]Ɋ& !X.) F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cd4b30e5-cdbe-4c37-b587-0e439bca51ca HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H.) ]Ɋ& !X.) F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cd4b30e5-cdbe-4c37-b587-0e439bca51ca HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H.) ]Ɋ& !X.) F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cd4b30e5-cdbe-4c37-b587-0e439bca51ca HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=}H**.) ]Ɋ& !.) F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cd4b30e5-cdbe-4c37-b587-0e439bca51ca HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2de78812-122b-4fe3-aa62-524600fb67f7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**.) ]Ɋ& !.) F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cd4b30e5-cdbe-4c37-b587-0e439bca51ca HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2de78812-122b-4fe3-aa62-524600fb67f7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X.) ]Ɋ& !X.) F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0d4a8c63-73b0-42fe-a096-9649fd6aaa39 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p.) ]Ɋ& !X.) F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0d4a8c63-73b0-42fe-a096-9649fd6aaa39 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndTyp= ScriptNa ]Ɋ& = X.) F&  X<& F&  ji$T F&ndPath= CommandLine=ElfChnk(x@ReMu=VysMc&&**p.) ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! M!X.) F&F%g>9{p(xlMD EventDatauoData !BinaryFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0d4a8c63-73b0-42fe-a096-9649fd6aaa39 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=p**`.) ]Ɋ& !X.) F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0d4a8c63-73b0-42fe-a096-9649fd6aaa39 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io`**`.) ]Ɋ& !X.) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0d4a8c63-73b0-42fe-a096-9649fd6aaa39 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=le`**`.) ]Ɋ& !X.) F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0d4a8c63-73b0-42fe-a096-9649fd6aaa39 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H`**.) ]Ɋ& !.) F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0d4a8c63-73b0-42fe-a096-9649fd6aaa39 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=855a4043-2065-4b53-b2e2-871aad12950c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**.) ]Ɋ& !.) F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0d4a8c63-73b0-42fe-a096-9649fd6aaa39 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=855a4043-2065-4b53-b2e2-871aad12950c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ila**(//) ]Ɋ& !X//) F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bd36087d-a6fa-4ff7-a19e-26cb9e1ac502 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@//) ]Ɋ& !X//) F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bd36087d-a6fa-4ff7-a19e-26cb9e1ac502 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=?@**@//) ]Ɋ& !X//) F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bd36087d-a6fa-4ff7-a19e-26cb9e1ac502 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h 6@**8//) ]Ɋ& !X//) F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bd36087d-a6fa-4ff7-a19e-26cb9e1ac502 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eTi8**8//) ]Ɋ& !X//) F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bd36087d-a6fa-4ff7-a19e-26cb9e1ac502 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nst8**8//) ]Ɋ& !X//) F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bd36087d-a6fa-4ff7-a19e-26cb9e1ac502 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.08**//) ]Ɋ& !//) F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bd36087d-a6fa-4ff7-a19e-26cb9e1ac502 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=622df4b4-3e3b-4f11-9e87-b2ca52e7e905 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **-/) ]Ɋ& !-/) F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bd36087d-a6fa-4ff7-a19e-26cb9e1ac502 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=622df4b4-3e3b-4f11-9e87-b2ca52e7e905 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=?**XZ0) ]Ɋ& !XZ0) F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=08d29eb5-7b9a-43d6-a5d6-78f49803f164 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pZ0) ]Ɋ& !XZ0) F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=08d29eb5-7b9a-43d6-a5d6-78f49803f164 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cp**pZ0) ]Ɋ& !XZ0) F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=08d29eb5-7b9a-43d6-a5d6-78f49803f164 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Comp**hZ0) ]Ɋ& !XZ0) F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=08d29eb5-7b9a-43d6-a5d6-78f49803f164 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ih**hZ0) ]Ɋ& !XZ0) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=08d29eb5-7b9a-43d6-a5d6-78f49803f164 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!h**hZ0) ]Ɋ& !XZ0) F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=08d29eb5-7b9a-43d6-a5d6-78f49803f164 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=meh**Z0) ]Ɋ&  !Z0) F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=08d29eb5-7b9a-43d6-a5d6-78f49803f164 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c98a33c5-7789-4d1d-8fe1-7b3b73d87b32 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI**1) ]Ɋ& !1) F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=08d29eb5-7b9a-43d6-a5d6-78f49803f164 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c98a33c5-7789-4d1d-8fe1-7b3b73d87b32 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= . |***2) ]Ɋ& '!X*2) F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2af3a1bb-46ce-4a7b-a145-c1be14b584fb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e***2) ]Ɋ& ?!X*2) F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2af3a1bb-46ce-4a7b-a145-c1be14b584fb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h***2) ]Ɋ& ;!X*2) F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2af3a1bb-46ce-4a7b-a145-c1be14b584fb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=43d***2) ]Ɋ& 3!X*2) F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2af3a1bb-46ce-4a7b-a145-c1be14b584fb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&***2) ]Ɋ& 3!X*2) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2af3a1bb-46ce-4a7b-a145-c1be14b584fb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d3c***2) ]Ɋ& 5!X*2) F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2af3a1bb-46ce-4a7b-a145-c1be14b584fb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0*2) ]Ɋ& !*2) F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2af3a1bb-46ce-4a7b-a145-c1be14b584fb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=2d98db44-646f-481f-8eba-f1c4f6f8ad56 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=le0**@2) ]Ɋ& !2) F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2af3a1bb-46ce-4a7b-a145-c1be14b584fb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=2d98db44-646f-481f-8eba-f1c4f6f8ad56 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**) ]Ɋ& )!X) F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9d8909fe-316c-4557-bd61-1db6d631ff23 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Com**) ]Ɋ& A!X) F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9d8909fe-316c-4557-bd61-1db6d631ff23 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id= **) ]Ɋ& =!X) F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9d8909fe-316c-4557-bd61-1db6d631ff23 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ut**) ]Ɋ& 5!X) F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9d8909fe-316c-4557-bd61-1db6d631ff23 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2 **) ]Ɋ& 5!X) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9d8909fe-316c-4557-bd61-1db6d631ff23 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ca**) ]Ɋ& 7!X) F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9d8909fe-316c-4557-bd61-1db6d631ff23 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**0) ]Ɋ& !) F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9d8909fe-316c-4557-bd61-1db6d631ff23 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=92fc6a19-dca8-4b25-8c12-b32491ace4b1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t0**@J) ]Ɋ& !J) F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9d8909fe-316c-4557-bd61-1db6d631ff23 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=92fc6a19-dca8-4b25-8c12-b32491ace4b1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=top@**X@) ]Ɋ& !X@) F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8435dc50-183b-4dc2-9a1d-b2060d86a066 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p@) ]Ɋ& !X@) F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8435dc50-183b-4dc2-9a1d-b2060d86a066 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stp**h@) ]Ɋ& !X@) F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8435dc50-183b-4dc2-9a1d-b2060d86a066 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dh**`@) ]Ɋ& !X@) F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8435dc50-183b-4dc2-9a1d-b2060d86a066 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n`**`@) ]Ɋ& !X@) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8435dc50-183b-4dc2-9a1d-b2060d86a066 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P`**h@) ]Ɋ& !X@) F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8435dc50-183b-4dc2-9a1d-b2060d86a066 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Stah**@) ]Ɋ&  !@) F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8435dc50-183b-4dc2-9a1d-b2060d86a066 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=11416ef0-9a65-4d31-b1b3-8c5cb8fb4dc7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**@) ]Ɋ& !@) F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8435dc50-183b-4dc2-9a1d-b2060d86a066 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=11416ef0-9a65-4d31-b1b3-8c5cb8fb4dc7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**8@) ]Ɋ& !X@) F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dad9e6bd-eae0-4ddc-9b22-755462a16df0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**P@) ]Ɋ& !X@) F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dad9e6bd-eae0-4ddc-9b22-755462a16df0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ueP**P@) ]Ɋ& !X@) F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dad9e6bd-eae0-4ddc-9b22-755462a16df0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P  ]Ɋ& F&ndPath= CommandLine=XElfChnk0-Z`Mu=VysMc&&**H@) ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! )!X@) F&F%g>9{p(xlMD EventDatauoData !BinaryvFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dad9e6bd-eae0-4ddc-9b22-755462a16df0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**H@) ]Ɋ& !X@) F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dad9e6bd-eae0-4ddc-9b22-755462a16df0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CH**H@) ]Ɋ& !X@) F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dad9e6bd-eae0-4ddc-9b22-755462a16df0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ScrH**@) ]Ɋ& !@) F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dad9e6bd-eae0-4ddc-9b22-755462a16df0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=be40ef10-ec12-409b-9137-7437bf5f907e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C**w) ]Ɋ& !w) F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dad9e6bd-eae0-4ddc-9b22-755462a16df0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=be40ef10-ec12-409b-9137-7437bf5f907e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Xw) ]Ɋ& !Xw) F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1081ca0b-127f-4c53-b670-4a020d1c7c59 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoX**pw) ]Ɋ& !Xw) F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1081ca0b-127f-4c53-b670-4a020d1c7c59 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sortp**hw) ]Ɋ& !Xw) F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1081ca0b-127f-4c53-b670-4a020d1c7c59 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bah**`w) ]Ɋ& !Xw) F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1081ca0b-127f-4c53-b670-4a020d1c7c59 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=os`**`w) ]Ɋ& !Xw) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1081ca0b-127f-4c53-b670-4a020d1c7c59 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eq`**`w) ]Ɋ& !Xw) F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1081ca0b-127f-4c53-b670-4a020d1c7c59 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**w) ]Ɋ& !w) F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1081ca0b-127f-4c53-b670-4a020d1c7c59 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=837143ef-5d58-45d0-87f0-62a6a4a835e0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**w) ]Ɋ& !w) F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1081ca0b-127f-4c53-b670-4a020d1c7c59 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=837143ef-5d58-45d0-87f0-62a6a4a835e0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **( r) ]Ɋ& !X r) F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8402c5b1-5e8d-482d-89f1-4e96bdc1529a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1(**@ r) ]Ɋ& !X r) F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8402c5b1-5e8d-482d-89f1-4e96bdc1529a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=V@**@ r) ]Ɋ& !X r) F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8402c5b1-5e8d-482d-89f1-4e96bdc1529a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te'@**8 r) ]Ɋ& !X r) F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8402c5b1-5e8d-482d-89f1-4e96bdc1529a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ent8**8 r) ]Ɋ& !X r) F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8402c5b1-5e8d-482d-89f1-4e96bdc1529a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t 8**8 r) ]Ɋ& !X r) F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8402c5b1-5e8d-482d-89f1-4e96bdc1529a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8** r) ]Ɋ& ! r) F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8402c5b1-5e8d-482d-89f1-4e96bdc1529a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=8eb95eee-624f-4c00-a4fa-d3b8b0d4d6f3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pe** ) ]Ɋ& ! ) F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8402c5b1-5e8d-482d-89f1-4e96bdc1529a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=8eb95eee-624f-4c00-a4fa-d3b8b0d4d6f3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ated**X;) ]Ɋ& !X;) F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b2d8f78a-7ab6-45c4-88a1-1ff1190871d6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p;) ]Ɋ& !X;) F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b2d8f78a-7ab6-45c4-88a1-1ff1190871d6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**p;) ]Ɋ& !X;) F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b2d8f78a-7ab6-45c4-88a1-1ff1190871d6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ultp**h;) ]Ɋ& !X;) F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b2d8f78a-7ab6-45c4-88a1-1ff1190871d6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dthh**h;) ]Ɋ& !X;) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b2d8f78a-7ab6-45c4-88a1-1ff1190871d6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**h;) ]Ɋ& !X;) F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b2d8f78a-7ab6-45c4-88a1-1ff1190871d6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nah**;) ]Ɋ&  !;) F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b2d8f78a-7ab6-45c4-88a1-1ff1190871d6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3c03a418-4e1b-49f2-af78-04174b7658ba PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**g) ]Ɋ& !g) F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b2d8f78a-7ab6-45c4-88a1-1ff1190871d6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3c03a418-4e1b-49f2-af78-04174b7658ba PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ber=**g) ]Ɋ& '!Xg) F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=52b2a1d4-e0be-4927-87fc-b0c429fe5b6b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**g) ]Ɋ& ?!Xg) F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=52b2a1d4-e0be-4927-87fc-b0c429fe5b6b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **g) ]Ɋ& ;!Xg) F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=52b2a1d4-e0be-4927-87fc-b0c429fe5b6b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**g) ]Ɋ& 3!Xg) F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=52b2a1d4-e0be-4927-87fc-b0c429fe5b6b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ou** g) ]Ɋ& 3!Xg)  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=52b2a1d4-e0be-4927-87fc-b0c429fe5b6b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cti** g) ]Ɋ& 5!Xg)  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=52b2a1d4-e0be-4927-87fc-b0c429fe5b6b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= -**0 g) ]Ɋ& !g)  F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=52b2a1d4-e0be-4927-87fc-b0c429fe5b6b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=46f90858-cfdd-44bf-a087-f108b3d3e1b1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te0**@ ) ]Ɋ& !)  F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=52b2a1d4-e0be-4927-87fc-b0c429fe5b6b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=46f90858-cfdd-44bf-a087-f108b3d3e1b1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9-dc@** oa, ]Ɋ& )!Xoa,  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ea16261b-44e1-43c3-919d-ae8282011ab3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oduc**oa, ]Ɋ& A!Xoa, F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ea16261b-44e1-43c3-919d-ae8282011ab3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mIns**oa, ]Ɋ& =!Xoa, F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ea16261b-44e1-43c3-919d-ae8282011ab3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-1**oa, ]Ɋ& 5!Xoa, F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ea16261b-44e1-43c3-919d-ae8282011ab3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=**oa, ]Ɋ& 5!Xoa, F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ea16261b-44e1-43c3-919d-ae8282011ab3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ov**oa, ]Ɋ& 7!Xoa, F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ea16261b-44e1-43c3-919d-ae8282011ab3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0oa, ]Ɋ& !oa, F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ea16261b-44e1-43c3-919d-ae8282011ab3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=87c3cc94-8fb0-4329-9a1c-e58a036ecfed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@a, ]Ɋ& !a, F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ea16261b-44e1-43c3-919d-ae8282011ab3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=87c3cc94-8fb0-4329-9a1c-e58a036ecfed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Com@**Xa, ]Ɋ& !Xa, F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=71c49666-8bf3-42ba-be2c-d1e426f55e3e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=linX**pa, ]Ɋ& !Xa, F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=71c49666-8bf3-42ba-be2c-d1e426f55e3e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manp**ha, ]Ɋ& !Xa, F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=71c49666-8bf3-42ba-be2c-d1e426f55e3e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rh**`a, ]Ɋ& !Xa, F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=71c49666-8bf3-42ba-be2c-d1e426f55e3e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& Xa, F&dLine=XElfChnkHHފJC^Mu=VysMc&&**ha, ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! G!Xa, F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=71c49666-8bf3-42ba-be2c-d1e426f55e3e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**ha, ]Ɋ& !Xa, F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=71c49666-8bf3-42ba-be2c-d1e426f55e3e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**a, ]Ɋ&  !a, F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=71c49666-8bf3-42ba-be2c-d1e426f55e3e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7094964e-adac-49ee-b487-06acf746f833 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FӸ**9a, ]Ɋ& !9a, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=71c49666-8bf3-42ba-be2c-d1e426f55e3e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7094964e-adac-49ee-b487-06acf746f833 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**89a, ]Ɋ& !X9a, F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a2931319-c0d4-40a2-b824-b23670b89010 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P9a, ]Ɋ& !X9a, F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a2931319-c0d4-40a2-b824-b23670b89010 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P9a, ]Ɋ& !X9a, F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a2931319-c0d4-40a2-b824-b23670b89010 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**H 9a, ]Ɋ& !X9a,  F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a2931319-c0d4-40a2-b824-b23670b89010 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&H**H!9a, ]Ɋ& !X9a,! F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a2931319-c0d4-40a2-b824-b23670b89010 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H"9a, ]Ɋ& !X9a," F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a2931319-c0d4-40a2-b824-b23670b89010 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==H**#9a, ]Ɋ& !9a,# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a2931319-c0d4-40a2-b824-b23670b89010 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1fae551a-8630-4810-a131-3d85183ef55d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**$9a, ]Ɋ& !9a,$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a2931319-c0d4-40a2-b824-b23670b89010 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1fae551a-8630-4810-a131-3d85183ef55d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X%9a, ]Ɋ& !X9a,% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c8a4d601-011a-4686-9c35-aee0637c19b5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me= X**p&9a, ]Ɋ& !X9a,& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c8a4d601-011a-4686-9c35-aee0637c19b5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-lasp**h'9a, ]Ɋ& !X9a,' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c8a4d601-011a-4686-9c35-aee0637c19b5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[Sh**`(9a, ]Ɋ& !X9a,( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c8a4d601-011a-4686-9c35-aee0637c19b5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-U`**`)9a, ]Ɋ& !X9a,) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c8a4d601-011a-4686-9c35-aee0637c19b5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`*9a, ]Ɋ& !X9a,* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c8a4d601-011a-4686-9c35-aee0637c19b5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t`**+9a, ]Ɋ& !9a,+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c8a4d601-011a-4686-9c35-aee0637c19b5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7956214f-ad86-45b2-adee-ab186018b242 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**,4a, ]Ɋ& !4a,, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c8a4d601-011a-4686-9c35-aee0637c19b5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7956214f-ad86-45b2-adee-ab186018b242 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dPa**(-4a, ]Ɋ& !X4a,- F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e857b70d-04ed-4393-842c-6b7993a88c29 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a(**@.4a, ]Ɋ& !X4a,. F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e857b70d-04ed-4393-842c-6b7993a88c29 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c@**@/4a, ]Ɋ& !X4a,/ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e857b70d-04ed-4393-842c-6b7993a88c29 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ert@**804a, ]Ɋ& !X4a,0 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e857b70d-04ed-4393-842c-6b7993a88c29 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Wow8**814a, ]Ɋ& !X4a,1 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e857b70d-04ed-4393-842c-6b7993a88c29 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b6-8**824a, ]Ɋ& !X4a,2 F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e857b70d-04ed-4393-842c-6b7993a88c29 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fu8**34a, ]Ɋ& !4a,3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e857b70d-04ed-4393-842c-6b7993a88c29 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=62747d21-23d0-47bd-b20a-0862ed9e6ad0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nd**4ja, ]Ɋ& !ja,4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e857b70d-04ed-4393-842c-6b7993a88c29 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=62747d21-23d0-47bd-b20a-0862ed9e6ad0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ineV**X54a, ]Ɋ& !X4a,5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5961b19d-7229-491d-9683-c28a4b6906c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p64a, ]Ɋ& !X4a,6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5961b19d-7229-491d-9683-c28a4b6906c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ep**p74a, ]Ɋ& !X4a,7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5961b19d-7229-491d-9683-c28a4b6906c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=, Ep**h84a, ]Ɋ& !X4a,8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5961b19d-7229-491d-9683-c28a4b6906c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cenh**h94a, ]Ɋ& !X4a,9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5961b19d-7229-491d-9683-c28a4b6906c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=h**h:4a, ]Ɋ& !X4a,: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5961b19d-7229-491d-9683-c28a4b6906c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**;4a, ]Ɋ&  !4a,; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5961b19d-7229-491d-9683-c28a4b6906c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f8fb7e4b-164a-4759-bcf5-3da837e12255 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**<$a, ]Ɋ& !$a,< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5961b19d-7229-491d-9683-c28a4b6906c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f8fb7e4b-164a-4759-bcf5-3da837e12255 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rsio**=$a, ]Ɋ& '!X$a,= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c3344a6a-69c7-4ef4-b65b-59eae9ff1051 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**>$a, ]Ɋ& ?!X$a,> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c3344a6a-69c7-4ef4-b65b-59eae9ff1051 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**?$a, ]Ɋ& ;!X$a,? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c3344a6a-69c7-4ef4-b65b-59eae9ff1051 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ne**@$a, ]Ɋ& 3!X$a,@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c3344a6a-69c7-4ef4-b65b-59eae9ff1051 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **A$a, ]Ɋ& 3!X$a,A F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c3344a6a-69c7-4ef4-b65b-59eae9ff1051 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ewP**B$a, ]Ɋ& 5!X$a,B F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c3344a6a-69c7-4ef4-b65b-59eae9ff1051 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eI**0Cea, ]Ɋ& !ea,C F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c3344a6a-69c7-4ef4-b65b-59eae9ff1051 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=ef942dde-63ce-4588-8257-49ca97b14269 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me0**@DQa, ]Ɋ& !Qa,D F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c3344a6a-69c7-4ef4-b65b-59eae9ff1051 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=ef942dde-63ce-4588-8257-49ca97b14269 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id= @**EX. ]Ɋ& )!XX.E F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=da0e3ca9-d5be-472a-b4a1-1cd96e0b87ac HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ut-S**FX. ]Ɋ& A!XX.F F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=da0e3ca9-d5be-472a-b4a1-1cd96e0b87ac HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2 -C**GX. ]Ɋ& =!XX.G F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=da0e3ca9-d5be-472a-b4a1-1cd96e0b87ac HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ca**HX. ]Ɋ& 5!XX.H F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=da0e3ca9-d5be-472a-b4a1-1cd96e0b87ac HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on.0 HostId= ]Ɋ& icXX.I F&nce -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& Xa, F&dLine=XElfChnkIyIypev.PMu=VysMc&&**IX. ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !XX.I F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=da0e3ca9-d5be-472a-b4a1-1cd96e0b87ac HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **JX. ]Ɋ& 7!XX.J F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=da0e3ca9-d5be-472a-b4a1-1cd96e0b87ac HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **0K. ]Ɋ& !.K F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=da0e3ca9-d5be-472a-b4a1-1cd96e0b87ac HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6446a15d-8bdf-4a53-a421-55f70db99ac7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d0**@L. ]Ɋ& !.L F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=da0e3ca9-d5be-472a-b4a1-1cd96e0b87ac HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6446a15d-8bdf-4a53-a421-55f70db99ac7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ot/@**XM. ]Ɋ& !X.M F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e00621b2-b77d-490b-8bba-71bdc668c806 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=werX**pN. ]Ɋ& !X.N F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e00621b2-b77d-490b-8bba-71bdc668c806 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompp**hO. ]Ɋ& !X.O F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e00621b2-b77d-490b-8bba-71bdc668c806 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fh**`P. ]Ɋ& !X.P F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e00621b2-b77d-490b-8bba-71bdc668c806 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=E`**`Q. ]Ɋ& !X.Q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e00621b2-b77d-490b-8bba-71bdc668c806 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i`**hR. ]Ɋ& !X.R F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e00621b2-b77d-490b-8bba-71bdc668c806 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ureLh**S. ]Ɋ&  !.S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e00621b2-b77d-490b-8bba-71bdc668c806 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9a389d9a-01ea-4fb7-ba9a-d9c5dd01322b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=535 **T. ]Ɋ& !.T F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e00621b2-b77d-490b-8bba-71bdc668c806 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9a389d9a-01ea-4fb7-ba9a-d9c5dd01322b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io**8UvF. ]Ɋ& !XvF.U F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8235ac3a-c41a-4d51-8fa5-7c277c9c454e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yp8**PVvF. ]Ɋ& !XvF.V F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8235ac3a-c41a-4d51-8fa5-7c277c9c454e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNP**PWvF. ]Ɋ& !XvF.W F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8235ac3a-c41a-4d51-8fa5-7c277c9c454e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=EncrP**HXvF. ]Ɋ& !XvF.X F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8235ac3a-c41a-4d51-8fa5-7c277c9c454e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rosoH**HYvF. ]Ɋ& !XvF.Y F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8235ac3a-c41a-4d51-8fa5-7c277c9c454e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=secuH**HZvF. ]Ɋ& !XvF.Z F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8235ac3a-c41a-4d51-8fa5-7c277c9c454e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RoH**[vF. ]Ɋ& !vF.[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8235ac3a-c41a-4d51-8fa5-7c277c9c454e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f3ccd35a-bf00-4485-aaf4-cc58eab1d1ed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oft**\vF. ]Ɋ& !vF.\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8235ac3a-c41a-4d51-8fa5-7c277c9c454e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f3ccd35a-bf00-4485-aaf4-cc58eab1d1ed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**X]vF. ]Ɋ& !XvF.] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=abd55127-c0eb-40d6-8912-f4af98fbb3ab HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l SeX**p^vF. ]Ɋ& !XvF.^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=abd55127-c0eb-40d6-8912-f4af98fbb3ab HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Conp**h_vF. ]Ɋ& !XvF._ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=abd55127-c0eb-40d6-8912-f4af98fbb3ab HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fih**``vF. ]Ɋ& !XvF.` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=abd55127-c0eb-40d6-8912-f4af98fbb3ab HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nd`**`avF. ]Ɋ& !XvF.a F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=abd55127-c0eb-40d6-8912-f4af98fbb3ab HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng`**`bvF. ]Ɋ& !XvF.b F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=abd55127-c0eb-40d6-8912-f4af98fbb3ab HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b`**cvF. ]Ɋ& !vF.c F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=abd55127-c0eb-40d6-8912-f4af98fbb3ab HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=39ae1a80-8d97-47a6-aa86-a364eac32ad4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=T**d . ]Ɋ& ! .d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=abd55127-c0eb-40d6-8912-f4af98fbb3ab HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=39ae1a80-8d97-47a6-aa86-a364eac32ad4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Cu**(e . ]Ɋ& !X .e F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3c111c4e-231e-40f6-b939-e05d9bea2238 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3(**@f . ]Ɋ& !X .f F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3c111c4e-231e-40f6-b939-e05d9bea2238 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4@**@g . ]Ɋ& !X .g F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3c111c4e-231e-40f6-b939-e05d9bea2238 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6@**8h . ]Ɋ& !X .h F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3c111c4e-231e-40f6-b939-e05d9bea2238 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**8i . ]Ɋ& !X .i F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3c111c4e-231e-40f6-b939-e05d9bea2238 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, 8**8j . ]Ɋ& !X .j F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3c111c4e-231e-40f6-b939-e05d9bea2238 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ur8**k . ]Ɋ& ! .k F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3c111c4e-231e-40f6-b939-e05d9bea2238 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=4f53cd26-8b5a-400d-9459-976658eaeb10 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= g**lw. ]Ɋ& !w.l F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3c111c4e-231e-40f6-b939-e05d9bea2238 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=4f53cd26-8b5a-400d-9459-976658eaeb10 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVe**XmW<. ]Ɋ& !XW<.m F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c4f0b996-bc2c-4172-b0b4-d454593b59cf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**pnW<. ]Ɋ& !XW<.n F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c4f0b996-bc2c-4172-b0b4-d454593b59cf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**poW<. ]Ɋ& !XW<.o F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c4f0b996-bc2c-4172-b0b4-d454593b59cf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=as p**hpW<. ]Ɋ& !XW<.p F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c4f0b996-bc2c-4172-b0b4-d454593b59cf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Conh**hqW<. ]Ɋ& !XW<.q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c4f0b996-bc2c-4172-b0b4-d454593b59cf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ae9h**hrW<. ]Ɋ& !XW<.r F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c4f0b996-bc2c-4172-b0b4-d454593b59cf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Ch**sW<. ]Ɋ&  !W<.s F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c4f0b996-bc2c-4172-b0b4-d454593b59cf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1f2dc992-1e3a-4c59-8ed4-29216fe31cf2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=im**t. ]Ɋ& !.t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c4f0b996-bc2c-4172-b0b4-d454593b59cf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1f2dc992-1e3a-4c59-8ed4-29216fe31cf2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S'))**u. ]Ɋ& '!X.u F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d17e0cff-89e1-4941-be21-adcfcfb3dfd8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**v. ]Ɋ& ?!X.v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d17e0cff-89e1-4941-be21-adcfcfb3dfd8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=G**w. ]Ɋ& ;!X.w F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d17e0cff-89e1-4941-be21-adcfcfb3dfd8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **x. ]Ɋ& 3!X.x F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d17e0cff-89e1-4941-be21-adcfcfb3dfd8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion**y. ]Ɋ& 3!X.y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d17e0cff-89e1-4941-be21-adcfcfb3dfd8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoandLine= ]Ɋ& X.z F&I F&nce -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& Xa, F&dLine=XElfChnkzzp(6NMu=VysMc&&** z. ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X.z F&F%g>9{p(xlMD EventDatauoData !BinaryVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d17e0cff-89e1-4941-be21-adcfcfb3dfd8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=472 **0{. ]Ɋ& !.{ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d17e0cff-89e1-4941-be21-adcfcfb3dfd8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=f96246a3-854e-4e53-b0df-27e6347c9123 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@|. ]Ɋ& !.| F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d17e0cff-89e1-4941-be21-adcfcfb3dfd8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=f96246a3-854e-4e53-b0df-27e6347c9123 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H@**}׉b1 ]Ɋ& )!X׉b1} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5ffbe713-a0b8-4a7a-90d0-895835e7612a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Con**~׉b1 ]Ɋ& A!X׉b1~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5ffbe713-a0b8-4a7a-90d0-895835e7612a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m **׉b1 ]Ɋ& =!X׉b1 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5ffbe713-a0b8-4a7a-90d0-895835e7612a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**׉b1 ]Ɋ& 5!X׉b1 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5ffbe713-a0b8-4a7a-90d0-895835e7612a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**׉b1 ]Ɋ& 5!X׉b1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5ffbe713-a0b8-4a7a-90d0-895835e7612a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **׉b1 ]Ɋ& 7!X׉b1 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5ffbe713-a0b8-4a7a-90d0-895835e7612a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0׉b1 ]Ɋ& !׉b1 F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5ffbe713-a0b8-4a7a-90d0-895835e7612a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e46cb7cc-0129-4d77-9719-92dbb9446fcd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S0**@c1 ]Ɋ& !c1 F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5ffbe713-a0b8-4a7a-90d0-895835e7612a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e46cb7cc-0129-4d77-9719-92dbb9446fcd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r2 @**Xc1 ]Ɋ& !Xc1 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0d1be7c0-6207-4dda-9a0a-679cf827ab98 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompX**pc1 ]Ɋ& !Xc1 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0d1be7c0-6207-4dda-9a0a-679cf827ab98 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl p**hc1 ]Ɋ& !Xc1 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0d1be7c0-6207-4dda-9a0a-679cf827ab98 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lh**`c1 ]Ɋ& !Xc1 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0d1be7c0-6207-4dda-9a0a-679cf827ab98 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u`**`c1 ]Ɋ& !Xc1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0d1be7c0-6207-4dda-9a0a-679cf827ab98 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a`**hc1 ]Ɋ& !Xc1 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0d1be7c0-6207-4dda-9a0a-679cf827ab98 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Quich**c1 ]Ɋ&  !c1 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0d1be7c0-6207-4dda-9a0a-679cf827ab98 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=09a82986-c930-4e83-9322-4a5b9ddfaafe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion=**Sd1 ]Ɋ& !Sd1 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0d1be7c0-6207-4dda-9a0a-679cf827ab98 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=09a82986-c930-4e83-9322-4a5b9ddfaafe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**8Sd1 ]Ɋ& !XSd1 F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4449f153-4987-4732-a3c5-dbcde0f5f2d9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ou8**PSd1 ]Ɋ& !XSd1 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4449f153-4987-4732-a3c5-dbcde0f5f2d9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ypP**PSd1 ]Ɋ& !XSd1 F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4449f153-4987-4732-a3c5-dbcde0f5f2d9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNamP**HSd1 ]Ɋ& !XSd1 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4449f153-4987-4732-a3c5-dbcde0f5f2d9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yptiH**HSd1 ]Ɋ& !XSd1 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4449f153-4987-4732-a3c5-dbcde0f5f2d9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ftVoH**HSd1 ]Ɋ& !XSd1 F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4449f153-4987-4732-a3c5-dbcde0f5f2d9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ritH**Sd1 ]Ɋ& !Sd1 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4449f153-4987-4732-a3c5-dbcde0f5f2d9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=37b12daa-9340-4c1c-8452-9c5485dbd07e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion**Sd1 ]Ɋ& !Sd1 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4449f153-4987-4732-a3c5-dbcde0f5f2d9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=37b12daa-9340-4c1c-8452-9c5485dbd07e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**XSd1 ]Ɋ& !XSd1 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f80287ff-cdc4-4672-9aae-2082c1a2344e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-US;X**pSd1 ]Ɋ& !XSd1 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f80287ff-cdc4-4672-9aae-2082c1a2344e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ostVp**hSd1 ]Ɋ& !XSd1 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f80287ff-cdc4-4672-9aae-2082c1a2344e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=edh**`Sd1 ]Ɋ& !XSd1 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f80287ff-cdc4-4672-9aae-2082c1a2344e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=*`**`Sd1 ]Ɋ& !XSd1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f80287ff-cdc4-4672-9aae-2082c1a2344e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ru`**`Sd1 ]Ɋ& !XSd1 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f80287ff-cdc4-4672-9aae-2082c1a2344e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**Sd1 ]Ɋ& !Sd1 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f80287ff-cdc4-4672-9aae-2082c1a2344e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f2fcb4b3-48e1-43b5-93a5-dc01b1c0f2dd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**1d1 ]Ɋ& !1d1 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f80287ff-cdc4-4672-9aae-2082c1a2344e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f2fcb4b3-48e1-43b5-93a5-dc01b1c0f2dd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Get**(1d1 ]Ɋ& !X1d1 F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=882d6c46-8d84-4b56-ae16-77b82281871d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2(**@1d1 ]Ɋ& !X1d1 F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=882d6c46-8d84-4b56-ae16-77b82281871d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0@**@1d1 ]Ɋ& !X1d1 F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=882d6c46-8d84-4b56-ae16-77b82281871d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**81d1 ]Ɋ& !X1d1 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=882d6c46-8d84-4b56-ae16-77b82281871d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C8**81d1 ]Ɋ& !X1d1 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=882d6c46-8d84-4b56-ae16-77b82281871d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bal8**81d1 ]Ɋ& !X1d1 F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=882d6c46-8d84-4b56-ae16-77b82281871d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in8**1d1 ]Ɋ& !1d1 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=882d6c46-8d84-4b56-ae16-77b82281871d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=71b7db1f-e710-4390-87c0-298ac5a7e1d9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=RE**DŽe1 ]Ɋ& !DŽe1 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=882d6c46-8d84-4b56-ae16-77b82281871d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=71b7db1f-e710-4390-87c0-298ac5a7e1d9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**Xf1 ]Ɋ& !Xf1 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6bcab560-2da3-47c8-9753-a0ea5c188890 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4X**pf1 ]Ɋ& !Xf1 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6bcab560-2da3-47c8-9753-a0ea5c188890 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1p**pf1 ]Ɋ& !Xf1 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6bcab560-2da3-47c8-9753-a0ea5c188890 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stap**hf1 ]Ɋ& !Xf1 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6bcab560-2da3-47c8-9753-a0ea5c188890 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVh**hf1 ]Ɋ& !Xf1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6bcab560-2da3-47c8-9753-a0ea5c188890 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Apph**hf1 ]Ɋ& !Xf1 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6bcab560-2da3-47c8-9753-a0ea5c188890 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| h**f1 ]Ɋ&  !f1 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6bcab560-2da3-47c8-9753-a0ea5c188890 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b0b87ddc-5362-4887-878e-f19750f3e59e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sbe.properties ]Ɋ& Cu!g1 F&n-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoandLine= ]Ɋ& X.z F&I F&nce -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& Xa, F&dLine=XElfChnkxyMu=VysMc&&** !g1 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !!g1 F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6bcab560-2da3-47c8-9753-a0ea5c188890 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b0b87ddc-5362-4887-878e-f19750f3e59e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **!g1 ]Ɋ& '!X!g1 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=037be9cb-09d5-41a3-b782-aea1b501f712 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**!g1 ]Ɋ& ?!X!g1 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=037be9cb-09d5-41a3-b782-aea1b501f712 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**!g1 ]Ɋ& ;!X!g1 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=037be9cb-09d5-41a3-b782-aea1b501f712 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**!g1 ]Ɋ& 3!X!g1 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=037be9cb-09d5-41a3-b782-aea1b501f712 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**!g1 ]Ɋ& 3!X!g1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=037be9cb-09d5-41a3-b782-aea1b501f712 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ica**!g1 ]Ɋ& 5!X!g1 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=037be9cb-09d5-41a3-b782-aea1b501f712 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0!g1 ]Ɋ& !!g1 F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=037be9cb-09d5-41a3-b782-aea1b501f712 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=5441b58b-74ba-4727-af6d-42c094eb5007 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ow0**@Ni1 ]Ɋ& !Ni1 F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=037be9cb-09d5-41a3-b782-aea1b501f712 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=5441b58b-74ba-4727-af6d-42c094eb5007 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**@**Kxs3 ]Ɋ& )!XKxs3 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=522c6eb0-03ff-49fc-a367-9e77f86503df HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mman**Kxs3 ]Ɋ& A!XKxs3 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=522c6eb0-03ff-49fc-a367-9e77f86503df HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-wid**Kxs3 ]Ɋ& =!XKxs3 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=522c6eb0-03ff-49fc-a367-9e77f86503df HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iv**Kxs3 ]Ɋ& 5!XKxs3 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=522c6eb0-03ff-49fc-a367-9e77f86503df HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l **Kxs3 ]Ɋ& 5!XKxs3 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=522c6eb0-03ff-49fc-a367-9e77f86503df HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==0**Kxs3 ]Ɋ& 7!XKxs3 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=522c6eb0-03ff-49fc-a367-9e77f86503df HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0Kxs3 ]Ɋ& !Kxs3 F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=522c6eb0-03ff-49fc-a367-9e77f86503df HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fa41649a-d20b-4d03-8f16-e28c72254d4d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@3|ys3 ]Ɋ& !3|ys3 F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=522c6eb0-03ff-49fc-a367-9e77f86503df HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fa41649a-d20b-4d03-8f16-e28c72254d4d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**X{s3 ]Ɋ& !X{s3 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b6b05d91-84d3-47d2-8f01-50ed2b3e0cb4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p{s3 ]Ɋ& !X{s3 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b6b05d91-84d3-47d2-8f01-50ed2b3e0cb4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h{s3 ]Ɋ& !X{s3 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b6b05d91-84d3-47d2-8f01-50ed2b3e0cb4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`{s3 ]Ɋ& !X{s3 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b6b05d91-84d3-47d2-8f01-50ed2b3e0cb4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`{s3 ]Ɋ& !X{s3 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b6b05d91-84d3-47d2-8f01-50ed2b3e0cb4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S`**h{s3 ]Ɋ& !X{s3 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b6b05d91-84d3-47d2-8f01-50ed2b3e0cb4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ineSh**{s3 ]Ɋ&  !{s3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b6b05d91-84d3-47d2-8f01-50ed2b3e0cb4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0e8fe0a8-26ed-4ff3-b861-6e0b1fe51ef7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ped **{s3 ]Ɋ& !{s3 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b6b05d91-84d3-47d2-8f01-50ed2b3e0cb4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0e8fe0a8-26ed-4ff3-b861-6e0b1fe51ef7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rt**8$w|s3 ]Ɋ& !X$w|s3 F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fca4104c-f108-4151-8343-b212b72d44f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nm8**P$w|s3 ]Ɋ& !X$w|s3 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fca4104c-f108-4151-8343-b212b72d44f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idP**P$w|s3 ]Ɋ& !X$w|s3 F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fca4104c-f108-4151-8343-b212b72d44f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tartP**H$w|s3 ]Ɋ& !X$w|s3 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fca4104c-f108-4151-8343-b212b72d44f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ReH**H$w|s3 ]Ɋ& !X$w|s3 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fca4104c-f108-4151-8343-b212b72d44f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH**H$w|s3 ]Ɋ& !X$w|s3 F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fca4104c-f108-4151-8343-b212b72d44f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1H**$w|s3 ]Ɋ& !$w|s3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fca4104c-f108-4151-8343-b212b72d44f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d27aad48-79fb-4eaa-8f9a-8b0c2d61c353 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!**$w|s3 ]Ɋ& !$w|s3 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fca4104c-f108-4151-8343-b212b72d44f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d27aad48-79fb-4eaa-8f9a-8b0c2d61c353 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X}s3 ]Ɋ& !X}s3 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ac9e873a-4316-45ce-849f-85a97fc46d6c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommaX**p}s3 ]Ɋ& !X}s3 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ac9e873a-4316-45ce-849f-85a97fc46d6c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ect p**h}s3 ]Ɋ& !X}s3 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ac9e873a-4316-45ce-849f-85a97fc46d6c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rth**`}s3 ]Ɋ& !X}s3 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ac9e873a-4316-45ce-849f-85a97fc46d6c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on`**`}s3 ]Ɋ& !X}s3 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ac9e873a-4316-45ce-849f-85a97fc46d6c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=`**`}s3 ]Ɋ& !X}s3 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ac9e873a-4316-45ce-849f-85a97fc46d6c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**}s3 ]Ɋ& !}s3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ac9e873a-4316-45ce-849f-85a97fc46d6c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=31d68ac7-eca1-4143-92b7-0728e27329dd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Q}s3 ]Ɋ& !Q}s3 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ac9e873a-4316-45ce-849f-85a97fc46d6c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=31d68ac7-eca1-4143-92b7-0728e27329dd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9 **(@~s3 ]Ɋ& !X@~s3 F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c12059a6-53fd-42f8-a433-ce585f7dc825 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4(**@@~s3 ]Ɋ& !X@~s3 F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c12059a6-53fd-42f8-a433-ce585f7dc825 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a@**@@~s3 ]Ɋ& !X@~s3 F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c12059a6-53fd-42f8-a433-ce585f7dc825 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nin@**8@~s3 ]Ɋ& !X@~s3 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c12059a6-53fd-42f8-a433-ce585f7dc825 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion8**8@~s3 ]Ɋ& !X@~s3 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c12059a6-53fd-42f8-a433-ce585f7dc825 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8@~s3 ]Ɋ& !X@~s3 F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c12059a6-53fd-42f8-a433-ce585f7dc825 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== 8**@~s3 ]Ɋ& !@~s3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c12059a6-53fd-42f8-a433-ce585f7dc825 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=a0108d3f-732f-46eb-8634-95a342295c54 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ge**~~s3 ]Ɋ& !~~s3 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c12059a6-53fd-42f8-a433-ce585f7dc825 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=a0108d3f-732f-46eb-8634-95a342295c54 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te';**X2s3 ]Ɋ& !X2s3 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0d7ba7c6-f7a5-45fb-bc22-4c09e0752fa1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**p2s3 ]Ɋ& !X2s3 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0d7ba7c6-f7a5-45fb-bc22-4c09e0752fa1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=epproductState ]Ɋ& unX2s3 F&andName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& Xa, F&dLine=XElfChnk8e/7Mu=VysMc&&**p 2s3 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! S!X2s3 F&F%g>9{p(xlMD EventDatauoData !BinaryFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0d7ba7c6-f7a5-45fb-bc22-4c09e0752fa1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p **h2s3 ]Ɋ& !X2s3 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0d7ba7c6-f7a5-45fb-bc22-4c09e0752fa1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h2s3 ]Ɋ& !X2s3 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0d7ba7c6-f7a5-45fb-bc22-4c09e0752fa1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h2s3 ]Ɋ& !X2s3 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0d7ba7c6-f7a5-45fb-bc22-4c09e0752fa1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tah**2s3 ]Ɋ&  !2s3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0d7ba7c6-f7a5-45fb-bc22-4c09e0752fa1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1d3f1477-2329-41ab-b57a-d0fe67e0555c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b5**6s3 ]Ɋ& !6s3 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0d7ba7c6-f7a5-45fb-bc22-4c09e0752fa1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1d3f1477-2329-41ab-b57a-d0fe67e0555c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e,De**_τs3 ]Ɋ& '!X_τs3 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4cc9a216-def3-4d28-b28a-f2779ab9c54c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**_τs3 ]Ɋ& ?!X_τs3 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4cc9a216-def3-4d28-b28a-f2779ab9c54c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**_τs3 ]Ɋ& ;!X_τs3 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4cc9a216-def3-4d28-b28a-f2779ab9c54c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=hel**_τs3 ]Ɋ& 3!X_τs3 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4cc9a216-def3-4d28-b28a-f2779ab9c54c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**_τs3 ]Ɋ& 3!X_τs3 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4cc9a216-def3-4d28-b28a-f2779ab9c54c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ll **_τs3 ]Ɋ& 5!X_τs3 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4cc9a216-def3-4d28-b28a-f2779ab9c54c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0_τs3 ]Ɋ& !_τs3 F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4cc9a216-def3-4d28-b28a-f2779ab9c54c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=9cd3fa3e-ec8f-4a3e-a9c6-e9ef028f7ce9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng0**@s3 ]Ɋ& !s3 F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4cc9a216-def3-4d28-b28a-f2779ab9c54c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=9cd3fa3e-ec8f-4a3e-a9c6-e9ef028f7ce9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**S a5 ]Ɋ& )!XS a5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fb0aecd5-1c96-4514-bd63-f23fad38f2e2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3**S a5 ]Ɋ& A!XS a5 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fb0aecd5-1c96-4514-bd63-f23fad38f2e2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **S a5 ]Ɋ& =!XS a5 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fb0aecd5-1c96-4514-bd63-f23fad38f2e2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**S a5 ]Ɋ& 5!XS a5 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fb0aecd5-1c96-4514-bd63-f23fad38f2e2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl**S a5 ]Ɋ& 5!XS a5 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fb0aecd5-1c96-4514-bd63-f23fad38f2e2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **S a5 ]Ɋ& 7!XS a5 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fb0aecd5-1c96-4514-bd63-f23fad38f2e2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**0S a5 ]Ɋ& !S a5 F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fb0aecd5-1c96-4514-bd63-f23fad38f2e2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0b3db63f-84db-4a81-8ccb-7b7d16323432 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=40**@=b5 ]Ɋ& !=b5 F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fb0aecd5-1c96-4514-bd63-f23fad38f2e2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0b3db63f-84db-4a81-8ccb-7b7d16323432 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ila@**Xb5 ]Ɋ& !Xb5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1d5e1e33-9336-40d5-8535-b5219f1ae34f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ProX**pb5 ]Ɋ& !Xb5 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1d5e1e33-9336-40d5-8535-b5219f1ae34f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt p**hb5 ]Ɋ& !Xb5 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1d5e1e33-9336-40d5-8535-b5219f1ae34f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sh**`b5 ]Ɋ& !Xb5 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1d5e1e33-9336-40d5-8535-b5219f1ae34f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d`**`b5 ]Ɋ& !Xb5 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1d5e1e33-9336-40d5-8535-b5219f1ae34f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c`**hb5 ]Ɋ& !Xb5 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1d5e1e33-9336-40d5-8535-b5219f1ae34f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hh**b5 ]Ɋ&  !b5 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1d5e1e33-9336-40d5-8535-b5219f1ae34f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ed4b1661-cc6e-42e2-b55b-43e2eba1ddba PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=104c**b5 ]Ɋ& !b5 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1d5e1e33-9336-40d5-8535-b5219f1ae34f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ed4b1661-cc6e-42e2-b55b-43e2eba1ddba PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=34**8b5 ]Ɋ& !Xb5 F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=72f4706a-0447-4adc-ba1e-199521ad0339 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=si8**Pb5 ]Ɋ& !Xb5 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=72f4706a-0447-4adc-ba1e-199521ad0339 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leP**Pb5 ]Ɋ& !Xb5 F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=72f4706a-0447-4adc-ba1e-199521ad0339 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HoP**Hb5 ]Ɋ& !Xb5 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=72f4706a-0447-4adc-ba1e-199521ad0339 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eNumH**Hb5 ]Ɋ& !Xb5 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=72f4706a-0447-4adc-ba1e-199521ad0339 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**Hb5 ]Ɋ& !Xb5 F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=72f4706a-0447-4adc-ba1e-199521ad0339 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ateH**b5 ]Ɋ& !b5 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=72f4706a-0447-4adc-ba1e-199521ad0339 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a599edff-094f-4c8d-9e8a-23b34e59165a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ber**nc5 ]Ɋ& !nc5 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=72f4706a-0447-4adc-ba1e-199521ad0339 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a599edff-094f-4c8d-9e8a-23b34e59165a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **Xnc5 ]Ɋ& !Xnc5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bc30d65e-4074-4805-b3ed-a961dbdc0d33 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rNamX**pnc5 ]Ɋ& !Xnc5 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bc30d65e-4074-4805-b3ed-a961dbdc0d33 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hnc5 ]Ɋ& !Xnc5 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bc30d65e-4074-4805-b3ed-a961dbdc0d33 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**`nc5 ]Ɋ& !Xnc5 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bc30d65e-4074-4805-b3ed-a961dbdc0d33 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=('`**` nc5 ]Ɋ& !Xnc5  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bc30d65e-4074-4805-b3ed-a961dbdc0d33 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ti`**` nc5 ]Ɋ& !Xnc5  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bc30d65e-4074-4805-b3ed-a961dbdc0d33 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e`** nc5 ]Ɋ& !nc5  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bc30d65e-4074-4805-b3ed-a961dbdc0d33 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d4538785-d964-4618-af16-e7e17455109e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N** nc5 ]Ɋ& !nc5  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bc30d65e-4074-4805-b3ed-a961dbdc0d33 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d4538785-d964-4618-af16-e7e17455109e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lab**( Cd5 ]Ɋ& !XCd5  F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d1d054c9-c2db-4aaf-a4b8-8ce5ea13aad9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@Cd5 ]Ɋ& !XCd5 F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d1d054c9-c2db-4aaf-a4b8-8ce5ea13aad9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@Cd5 ]Ɋ& !XCd5 F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d1d054c9-c2db-4aaf-a4b8-8ce5ea13aad9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ace@**8Cd5 ]Ɋ& !XCd5 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d1d054c9-c2db-4aaf-a4b8-8ce5ea13aad9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=es[8nstalldate'] ]Ɋ& etXCd5 F&imatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=epproductState ]Ɋ& unX2s3 F&andName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& Xa, F&dLine=XElfChnkBBG@~Mu=VysMc&&**8 Cd5 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !XCd5 F&F%g>9{p(xlMD EventDatauoData !BinaryhRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d1d054c9-c2db-4aaf-a4b8-8ce5ea13aad9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8 **8Cd5 ]Ɋ& !XCd5 F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d1d054c9-c2db-4aaf-a4b8-8ce5ea13aad9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=In8**Cd5 ]Ɋ& !Cd5 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d1d054c9-c2db-4aaf-a4b8-8ce5ea13aad9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=129c8a4c-fcd0-4bc3-afc6-8d75ff1bc126 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=WA**ڟd5 ]Ɋ& !ڟd5 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d1d054c9-c2db-4aaf-a4b8-8ce5ea13aad9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=129c8a4c-fcd0-4bc3-afc6-8d75ff1bc126 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=po**Xif5 ]Ɋ& !Xif5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f258033e-4185-4e21-8d87-ce5be0b07074 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iX**pif5 ]Ɋ& !Xif5 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f258033e-4185-4e21-8d87-ce5be0b07074 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7p**pif5 ]Ɋ& !Xif5 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f258033e-4185-4e21-8d87-ce5be0b07074 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hp**hif5 ]Ɋ& !Xif5 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f258033e-4185-4e21-8d87-ce5be0b07074 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hh**hif5 ]Ɋ& !Xif5 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f258033e-4185-4e21-8d87-ce5be0b07074 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erNh**hif5 ]Ɋ& !Xif5 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f258033e-4185-4e21-8d87-ce5be0b07074 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dBh**if5 ]Ɋ&  !if5 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f258033e-4185-4e21-8d87-ce5be0b07074 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=71e3d6dd-4a18-4585-b2e2-1edc130d0007 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**4g5 ]Ɋ& !4g5 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f258033e-4185-4e21-8d87-ce5be0b07074 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=71e3d6dd-4a18-4585-b2e2-1edc130d0007 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=gine**h5 ]Ɋ& '!Xh5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cc207a26-c8ab-433e-82b2-c1375dc92bfa HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g**h5 ]Ɋ& ?!Xh5 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cc207a26-c8ab-433e-82b2-c1375dc92bfa HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6**h5 ]Ɋ& ;!Xh5 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cc207a26-c8ab-433e-82b2-c1375dc92bfa HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** h5 ]Ɋ& 3!Xh5  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cc207a26-c8ab-433e-82b2-c1375dc92bfa HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rsh**!h5 ]Ɋ& 3!Xh5! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cc207a26-c8ab-433e-82b2-c1375dc92bfa HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**"h5 ]Ɋ& 5!Xh5" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cc207a26-c8ab-433e-82b2-c1375dc92bfa HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=re**0#di5 ]Ɋ& !di5# F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cc207a26-c8ab-433e-82b2-c1375dc92bfa HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=21099736-2024-457d-b7f6-c5023ab07bc6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@$$i5 ]Ɋ& !$i5$ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cc207a26-c8ab-433e-82b2-c1375dc92bfa HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=21099736-2024-457d-b7f6-c5023ab07bc6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t/Se@**%8 ]Ɋ& )!X8% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=845e3622-ae1e-47e6-8ae5-242ffada6e40 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=535-**&8 ]Ɋ& A!X8& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=845e3622-ae1e-47e6-8ae5-242ffada6e40 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=C**'8 ]Ɋ& =!X8' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=845e3622-ae1e-47e6-8ae5-242ffada6e40 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **(8 ]Ɋ& 5!X8( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=845e3622-ae1e-47e6-8ae5-242ffada6e40 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**)8 ]Ɋ& 5!X8) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=845e3622-ae1e-47e6-8ae5-242ffada6e40 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b***8 ]Ɋ& 7!X8* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=845e3622-ae1e-47e6-8ae5-242ffada6e40 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=T**0+&8 ]Ɋ& !&8+ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=845e3622-ae1e-47e6-8ae5-242ffada6e40 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c3acd911-97fd-45bf-876e-3faade63c6d5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=10**@,08 ]Ɋ& !08, F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=845e3622-ae1e-47e6-8ae5-242ffada6e40 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c3acd911-97fd-45bf-876e-3faade63c6d5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e |@**X-Sɳ8 ]Ɋ& !XSɳ8- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=435db33d-a377-4d0f-b29c-c524640d46d2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pdaX**p.Sɳ8 ]Ɋ& !XSɳ8. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=435db33d-a377-4d0f-b29c-c524640d46d2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nEnp**h/Sɳ8 ]Ɋ& !XSɳ8/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=435db33d-a377-4d0f-b29c-c524640d46d2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=th**`0Sɳ8 ]Ɋ& !XSɳ80 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=435db33d-a377-4d0f-b29c-c524640d46d2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`1Sɳ8 ]Ɋ& !XSɳ81 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=435db33d-a377-4d0f-b29c-c524640d46d2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i`**h2Sɳ8 ]Ɋ& !XSɳ82 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=435db33d-a377-4d0f-b29c-c524640d46d2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ruh**3Sɳ8 ]Ɋ&  !Sɳ83 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=435db33d-a377-4d0f-b29c-c524640d46d2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=106f63fa-49c5-4c43-8937-05ccee547748 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Pipe**4Sɳ8 ]Ɋ& !Sɳ84 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=435db33d-a377-4d0f-b29c-c524640d46d2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=106f63fa-49c5-4c43-8937-05ccee547748 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mm**85Sɳ8 ]Ɋ& !XSɳ85 F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3116b1d4-6b56-4eb9-982f-55b37564886a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=el8**P6Sɳ8 ]Ɋ& !XSɳ86 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3116b1d4-6b56-4eb9-982f-55b37564886a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=unP**P7Sɳ8 ]Ɋ& !XSɳ87 F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3116b1d4-6b56-4eb9-982f-55b37564886a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=gineP**H8Sɳ8 ]Ɋ& !XSɳ88 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3116b1d4-6b56-4eb9-982f-55b37564886a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h 65H**H9Sɳ8 ]Ɋ& !XSɳ89 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3116b1d4-6b56-4eb9-982f-55b37564886a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=StriH**H:Sɳ8 ]Ɋ& !XSɳ8: F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3116b1d4-6b56-4eb9-982f-55b37564886a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oluH**;Sɳ8 ]Ɋ& !Sɳ8; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3116b1d4-6b56-4eb9-982f-55b37564886a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=84e1bc7e-244f-42b3-ad36-180e83fc8dd0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=553**<Sɳ8 ]Ɋ& !Sɳ8< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3116b1d4-6b56-4eb9-982f-55b37564886a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=84e1bc7e-244f-42b3-ad36-180e83fc8dd0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**X=a8 ]Ɋ& !Xa8= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6f9cf294-1a6f-4c54-87f6-cd51873b3f88 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=arseX**p>a8 ]Ɋ& !Xa8> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6f9cf294-1a6f-4c54-87f6-cd51873b3f88 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hp**h?a8 ]Ɋ& !Xa8? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6f9cf294-1a6f-4c54-87f6-cd51873b3f88 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eqh**`@a8 ]Ɋ& !Xa8@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6f9cf294-1a6f-4c54-87f6-cd51873b3f88 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`Aa8 ]Ɋ& !Xa8A F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6f9cf294-1a6f-4c54-87f6-cd51873b3f88 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ri`**`Ba8 ]Ɋ& !Xa8B F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6f9cf294-1a6f-4c54-87f6-cd51873b3f88 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`ElfChnkCsCs`;!ksgMu=VysMc&&**Ca8 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !a8C F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6f9cf294-1a6f-4c54-87f6-cd51873b3f88 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=afa69d14-53f8-4292-81ab-ebb1b2637d2f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**Da8 ]Ɋ& !a8D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6f9cf294-1a6f-4c54-87f6-cd51873b3f88 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=afa69d14-53f8-4292-81ab-ebb1b2637d2f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 **(Ea8 ]Ɋ& !Xa8E F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9245946d-e602-45cb-b223-707abdd4cf16 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@Fa8 ]Ɋ& !Xa8F F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9245946d-e602-45cb-b223-707abdd4cf16 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@Ga8 ]Ɋ& !Xa8G F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9245946d-e602-45cb-b223-707abdd4cf16 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= | @**8Ha8 ]Ɋ& !Xa8H F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9245946d-e602-45cb-b223-707abdd4cf16 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Se8**8Ia8 ]Ɋ& !Xa8I F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9245946d-e602-45cb-b223-707abdd4cf16 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erS8**8Ja8 ]Ɋ& !Xa8J F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9245946d-e602-45cb-b223-707abdd4cf16 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H8**Ka8 ]Ɋ& !a8K F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9245946d-e602-45cb-b223-707abdd4cf16 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b140884f-44be-45f0-ae67-4156885b0801 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=si**L8 ]Ɋ& !8L F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9245946d-e602-45cb-b223-707abdd4cf16 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b140884f-44be-45f0-ae67-4156885b0801 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=obal**XM+8 ]Ɋ& !X+8M F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=03d8ef3e-0a8d-422c-8104-7beb3fddbb4f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**pN+8 ]Ɋ& !X+8N F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=03d8ef3e-0a8d-422c-8104-7beb3fddbb4f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.p**pO+8 ]Ɋ& !X+8O F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=03d8ef3e-0a8d-422c-8104-7beb3fddbb4f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e.pp**hP+8 ]Ɋ& !X+8P F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=03d8ef3e-0a8d-422c-8104-7beb3fddbb4f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n.Ch**hQ+8 ]Ɋ& !X+8Q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=03d8ef3e-0a8d-422c-8104-7beb3fddbb4f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=655h**hR+8 ]Ɋ& !X+8R F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=03d8ef3e-0a8d-422c-8104-7beb3fddbb4f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pah**S+8 ]Ɋ&  !+8S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=03d8ef3e-0a8d-422c-8104-7beb3fddbb4f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=df907272-f599-43ef-9103-21feb713f3e9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**TCĶ8 ]Ɋ& !CĶ8T F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=03d8ef3e-0a8d-422c-8104-7beb3fddbb4f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=df907272-f599-43ef-9103-21feb713f3e9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ider**U\8 ]Ɋ& '!X\8U F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7b28b91e-b29b-47f2-b090-6082581e48b9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**V\8 ]Ɋ& ?!X\8V F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7b28b91e-b29b-47f2-b090-6082581e48b9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**W\8 ]Ɋ& ;!X\8W F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7b28b91e-b29b-47f2-b090-6082581e48b9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X\8 ]Ɋ& 3!X\8X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7b28b91e-b29b-47f2-b090-6082581e48b9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ati**Y\8 ]Ɋ& 3!X\8Y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7b28b91e-b29b-47f2-b090-6082581e48b9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Z\8 ]Ɋ& 5!X\8Z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7b28b91e-b29b-47f2-b090-6082581e48b9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**0[\8 ]Ɋ& !\8[ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7b28b91e-b29b-47f2-b090-6082581e48b9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=05876c6f-963b-4aae-8aba-254571cdc24e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av0**@\p8 ]Ɋ& !p8\ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7b28b91e-b29b-47f2-b090-6082581e48b9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=05876c6f-963b-4aae-8aba-254571cdc24e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stri@**]Dvd: ]Ɋ& )!XDvd:] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3c39e394-488d-4b77-b0ba-e80e0d02fae2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tanc**^Dvd: ]Ɋ& A!XDvd:^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3c39e394-488d-4b77-b0ba-e80e0d02fae2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7-4d**_Dvd: ]Ɋ& =!XDvd:_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3c39e394-488d-4b77-b0ba-e80e0d02fae2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **`Dvd: ]Ɋ& 5!XDvd:` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3c39e394-488d-4b77-b0ba-e80e0d02fae2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**aDvd: ]Ɋ& 5!XDvd:a F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3c39e394-488d-4b77-b0ba-e80e0d02fae2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**bDvd: ]Ɋ& 7!XDvd:b F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3c39e394-488d-4b77-b0ba-e80e0d02fae2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0cDvd: ]Ɋ& !Dvd:c F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3c39e394-488d-4b77-b0ba-e80e0d02fae2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=51b7816b-1aa6-4f25-958a-5d8c56864c7e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m0**@dqd: ]Ɋ& !qd:d F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3c39e394-488d-4b77-b0ba-e80e0d02fae2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=51b7816b-1aa6-4f25-958a-5d8c56864c7e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= P@**Xeqd: ]Ɋ& !Xqd:e F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cca60c59-7358-4f35-9cac-8e36668177e1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.0X**pfqd: ]Ɋ& !Xqd:f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cca60c59-7358-4f35-9cac-8e36668177e1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=inep**hgqd: ]Ɋ& !Xqd:g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cca60c59-7358-4f35-9cac-8e36668177e1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Rh**`hqd: ]Ɋ& !Xqd:h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cca60c59-7358-4f35-9cac-8e36668177e1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**`iqd: ]Ɋ& !Xqd:i F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cca60c59-7358-4f35-9cac-8e36668177e1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=I`**hjqd: ]Ɋ& !Xqd:j F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cca60c59-7358-4f35-9cac-8e36668177e1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nameh**kqd: ]Ɋ&  !qd:k F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cca60c59-7358-4f35-9cac-8e36668177e1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=42937415-c2bd-4f5f-8aa5-dcf0e0cb744c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand**l@d: ]Ɋ& !@d:l F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cca60c59-7358-4f35-9cac-8e36668177e1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=42937415-c2bd-4f5f-8aa5-dcf0e0cb744c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8m@d: ]Ɋ& !X@d:m F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0ace34af-bbba-4ef1-96e0-2d91e6e05d73 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sc8**Pn@d: ]Ɋ& !X@d:n F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0ace34af-bbba-4ef1-96e0-2d91e6e05d73 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SP**Po@d: ]Ɋ& !X@d:o F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0ace34af-bbba-4ef1-96e0-2d91e6e05d73 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== P**Hp@d: ]Ɋ& !X@d:p F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0ace34af-bbba-4ef1-96e0-2d91e6e05d73 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eId=H**Hq@d: ]Ɋ& !X@d:q F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0ace34af-bbba-4ef1-96e0-2d91e6e05d73 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d= H**Hr@d: ]Ɋ& !X@d:r F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0ace34af-bbba-4ef1-96e0-2d91e6e05d73 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RH**s@d: ]Ɋ& !@d:s F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0ace34af-bbba-4ef1-96e0-2d91e6e05d73 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ebc077b8-94bf-40aa-bcf7-38a2ad46b5fe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= mmandName=  ]Ɋ& CommandPath= Comm@d:ElfChnkttH Q}I0Mu=VysMc&&**t@d: ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !@d:t F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0ace34af-bbba-4ef1-96e0-2d91e6e05d73 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ebc077b8-94bf-40aa-bcf7-38a2ad46b5fe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in**Xud: ]Ɋ& !Xd:u F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3b4963d5-b9ed-487e-808c-64b6b01db420 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ComX**pvd: ]Ɋ& !Xd:v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3b4963d5-b9ed-487e-808c-64b6b01db420 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allep**hwd: ]Ɋ& !Xd:w F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3b4963d5-b9ed-487e-808c-64b6b01db420 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='ih**`xd: ]Ɋ& !Xd:x F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3b4963d5-b9ed-487e-808c-64b6b01db420 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ow`**`yd: ]Ɋ& !Xd:y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3b4963d5-b9ed-487e-808c-64b6b01db420 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`zd: ]Ɋ& !Xd:z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3b4963d5-b9ed-487e-808c-64b6b01db420 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**{d: ]Ɋ& !d:{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3b4963d5-b9ed-487e-808c-64b6b01db420 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d9bd38a1-00b9-4cee-a754-ef5d35c20055 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**|d: ]Ɋ& !d:| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3b4963d5-b9ed-487e-808c-64b6b01db420 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d9bd38a1-00b9-4cee-a754-ef5d35c20055 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **(}d: ]Ɋ& !Xd:} F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=06ade117-ff30-43dc-bf65-d2ec21d938d8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8(**@~d: ]Ɋ& !Xd:~ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=06ade117-ff30-43dc-bf65-d2ec21d938d8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n@**@d: ]Ɋ& !Xd: F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=06ade117-ff30-43dc-bf65-d2ec21d938d8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e]:@**8d: ]Ɋ& !Xd: F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=06ade117-ff30-43dc-bf65-d2ec21d938d8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tal8**8d: ]Ɋ& !Xd: F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=06ade117-ff30-43dc-bf65-d2ec21d938d8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.08**8d: ]Ɋ& !Xd: F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=06ade117-ff30-43dc-bf65-d2ec21d938d8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**d: ]Ɋ& !d: F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=06ade117-ff30-43dc-bf65-d2ec21d938d8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=e85fce9d-32dc-4d4a-92e2-8badd9652e7c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== ** d: ]Ɋ& ! d: F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=06ade117-ff30-43dc-bf65-d2ec21d938d8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=e85fce9d-32dc-4d4a-92e2-8badd9652e7c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=trin**Xbd: ]Ɋ& !Xbd: F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=566a335c-57d3-41c2-8841-8ce5570023f7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pbd: ]Ɋ& !Xbd: F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=566a335c-57d3-41c2-8841-8ce5570023f7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**pbd: ]Ɋ& !Xbd: F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=566a335c-57d3-41c2-8841-8ce5570023f7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Culp**hbd: ]Ɋ& !Xbd: F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=566a335c-57d3-41c2-8841-8ce5570023f7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Obh**hbd: ]Ɋ& !Xbd: F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=566a335c-57d3-41c2-8841-8ce5570023f7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Pih**hbd: ]Ɋ& !Xbd: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=566a335c-57d3-41c2-8841-8ce5570023f7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ath**bd: ]Ɋ&  !bd: F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=566a335c-57d3-41c2-8841-8ce5570023f7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f7c2497c-74ee-4f74-bdb1-4a30c9d921ff PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**d: ]Ɋ& !d: F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=566a335c-57d3-41c2-8841-8ce5570023f7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f7c2497c-74ee-4f74-bdb1-4a30c9d921ff PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ame=**d: ]Ɋ& '!Xd: F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4cd91e4a-3b18-4fc5-9f63-84539d2c56fe HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **d: ]Ɋ& ?!Xd: F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4cd91e4a-3b18-4fc5-9f63-84539d2c56fe HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**d: ]Ɋ& ;!Xd: F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4cd91e4a-3b18-4fc5-9f63-84539d2c56fe HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed**d: ]Ɋ& 3!Xd: F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4cd91e4a-3b18-4fc5-9f63-84539d2c56fe HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=th **d: ]Ɋ& 3!Xd: F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4cd91e4a-3b18-4fc5-9f63-84539d2c56fe HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rov**d: ]Ɋ& 5!Xd: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4cd91e4a-3b18-4fc5-9f63-84539d2c56fe HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=En**0d: ]Ɋ& !d: F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4cd91e4a-3b18-4fc5-9f63-84539d2c56fe HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e625b503-5069-4461-a029-e365bc3a8f55 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=en0**@%ld: ]Ɋ& !%ld: F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4cd91e4a-3b18-4fc5-9f63-84539d2c56fe HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e625b503-5069-4461-a029-e365bc3a8f55 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-5d8@**=M< ]Ɋ& )!X=M< F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=34c51cb0-f292-433a-ab88-f914196f5f1b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayNa**=M< ]Ɋ& A!X=M< F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=34c51cb0-f292-433a-ab88-f914196f5f1b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pace**=M< ]Ɋ& =!X=M< F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=34c51cb0-f292-433a-ab88-f914196f5f1b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8e**=M< ]Ɋ& 5!X=M< F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=34c51cb0-f292-433a-ab88-f914196f5f1b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C**=M< ]Ɋ& 5!X=M< F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=34c51cb0-f292-433a-ab88-f914196f5f1b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr**=M< ]Ɋ& 7!X=M< F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=34c51cb0-f292-433a-ab88-f914196f5f1b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=q**0< ]Ɋ& !< F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=34c51cb0-f292-433a-ab88-f914196f5f1b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cd3e8ca5-6010-4f7c-9923-561e215c074b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@j~< ]Ɋ& !j~< F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=34c51cb0-f292-433a-ab88-f914196f5f1b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cd3e8ca5-6010-4f7c-9923-561e215c074b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm@**X< ]Ɋ& !X< F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e8ef99da-aa25-4c68-8438-a5d6bad97751 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNaX**p< ]Ɋ& !X< F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e8ef99da-aa25-4c68-8438-a5d6bad97751 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNp**h< ]Ɋ& !X< F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e8ef99da-aa25-4c68-8438-a5d6bad97751 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**`< ]Ɋ& !X< F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e8ef99da-aa25-4c68-8438-a5d6bad97751 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`< ]Ɋ& !X< F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e8ef99da-aa25-4c68-8438-a5d6bad97751 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**h< ]Ɋ& !X< F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e8ef99da-aa25-4c68-8438-a5d6bad97751 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rh**< ]Ɋ&  !< F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e8ef99da-aa25-4c68-8438-a5d6bad97751 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f6b493c2-3339-43c4-964c-e2c890ec165a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!@d: ]Ɋ& at< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e8ef99da-aa25-4c68-8438-a5d6bad97751 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f6b493c2-3339-43c4-964c-e2c890ec165a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnk@L;0Mu=VysMc&&**< ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !< F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e8ef99da-aa25-4c68-8438-a5d6bad97751 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f6b493c2-3339-43c4-964c-e2c890ec165a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8< ]Ɋ& !X< F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8c095b66-a054-44fa-8a66-1107125f610b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=om8**P< ]Ɋ& !X< F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8c095b66-a054-44fa-8a66-1107125f610b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmP**P< ]Ɋ& !X< F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8c095b66-a054-44fa-8a66-1107125f610b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommaP**H< ]Ɋ& !X< F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8c095b66-a054-44fa-8a66-1107125f610b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iptNH**H< ]Ɋ& !X< F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8c095b66-a054-44fa-8a66-1107125f610b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dTypH**H< ]Ɋ& !X< F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8c095b66-a054-44fa-8a66-1107125f610b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=H**< ]Ɋ& !< F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8c095b66-a054-44fa-8a66-1107125f610b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=08c67280-9c66-4414-8e95-6c50d0910e93 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **< ]Ɋ& !< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8c095b66-a054-44fa-8a66-1107125f610b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=08c67280-9c66-4414-8e95-6c50d0910e93 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **X< ]Ɋ& !X< F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=14961fe3-2b01-4c05-9fc0-ddb699c6d2c3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tCulX**p< ]Ɋ& !X< F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=14961fe3-2b01-4c05-9fc0-ddb699c6d2c3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=={ [p**h< ]Ɋ& !X< F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=14961fe3-2b01-4c05-9fc0-ddb699c6d2c3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f6h**`< ]Ɋ& !X< F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=14961fe3-2b01-4c05-9fc0-ddb699c6d2c3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rS`**`< ]Ɋ& !X< F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=14961fe3-2b01-4c05-9fc0-ddb699c6d2c3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`< ]Ɋ& !X< F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=14961fe3-2b01-4c05-9fc0-ddb699c6d2c3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**< ]Ɋ& !< F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=14961fe3-2b01-4c05-9fc0-ddb699c6d2c3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=27560597-559b-42dd-bf93-ae76e4e1eb92 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-**< ]Ɋ& !< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=14961fe3-2b01-4c05-9fc0-ddb699c6d2c3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=27560597-559b-42dd-bf93-ae76e4e1eb92 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ure**(-H< ]Ɋ& !X-H< F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5873e111-ea10-4f3c-92e5-1503e1bda83e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v(**@-H< ]Ɋ& !X-H< F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5873e111-ea10-4f3c-92e5-1503e1bda83e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=K@**@-H< ]Ɋ& !X-H< F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5873e111-ea10-4f3c-92e5-1503e1bda83e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id=@**8-H< ]Ɋ& !X-H< F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5873e111-ea10-4f3c-92e5-1503e1bda83e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F8**8-H< ]Ɋ& !X-H< F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5873e111-ea10-4f3c-92e5-1503e1bda83e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam8**8-H< ]Ɋ& !X-H< F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5873e111-ea10-4f3c-92e5-1503e1bda83e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Gl8**-H< ]Ɋ& !-H< F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5873e111-ea10-4f3c-92e5-1503e1bda83e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=30a8cc45-2536-4fcc-bb40-2c971f517126 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**< ]Ɋ& !< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5873e111-ea10-4f3c-92e5-1503e1bda83e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=30a8cc45-2536-4fcc-bb40-2c971f517126 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tall**X< ]Ɋ& !X< F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=efe5dcdc-12d4-45f1-914c-c7f491933b92 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\X**p< ]Ɋ& !X< F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=efe5dcdc-12d4-45f1-914c-c7f491933b92 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\p**p< ]Ɋ& !X< F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=efe5dcdc-12d4-45f1-914c-c7f491933b92 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=help**h< ]Ɋ& !X< F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=efe5dcdc-12d4-45f1-914c-c7f491933b92 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ct h**h< ]Ɋ& !X< F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=efe5dcdc-12d4-45f1-914c-c7f491933b92 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n';h**h< ]Ɋ& !X< F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=efe5dcdc-12d4-45f1-914c-c7f491933b92 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=([h**< ]Ɋ&  !< F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=efe5dcdc-12d4-45f1-914c-c7f491933b92 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=df1355b2-757f-4875-9d68-c4985e7f90c6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ta**< ]Ɋ& !< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=efe5dcdc-12d4-45f1-914c-c7f491933b92 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=df1355b2-757f-4875-9d68-c4985e7f90c6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omma**< ]Ɋ& '!X< F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5e1303ad-efc4-4f16-88b5-4bdd8e214e60 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=C**< ]Ɋ& ?!X< F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5e1303ad-efc4-4f16-88b5-4bdd8e214e60 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6**< ]Ɋ& ;!X< F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5e1303ad-efc4-4f16-88b5-4bdd8e214e60 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt **< ]Ɋ& 3!X< F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5e1303ad-efc4-4f16-88b5-4bdd8e214e60 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=**< ]Ɋ& 3!X< F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5e1303ad-efc4-4f16-88b5-4bdd8e214e60 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ovi**< ]Ɋ& 5!X< F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5e1303ad-efc4-4f16-88b5-4bdd8e214e60 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **0< ]Ɋ& !< F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5e1303ad-efc4-4f16-88b5-4bdd8e214e60 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=5dd0d2e9-a42a-46f0-bcab-97f48d54adc7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av0**@ۙ< ]Ɋ& !ۙ< F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5e1303ad-efc4-4f16-88b5-4bdd8e214e60 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=5dd0d2e9-a42a-46f0-bcab-97f48d54adc7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g -w@**τl> ]Ɋ& )!Xτl> F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=82c4e701-73e4-4b45-8db7-811d258700a2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nter**τl> ]Ɋ& A!Xτl> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=82c4e701-73e4-4b45-8db7-811d258700a2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lica**τl> ]Ɋ& =!Xτl> F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=82c4e701-73e4-4b45-8db7-811d258700a2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**τl> ]Ɋ& 5!Xτl> F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=82c4e701-73e4-4b45-8db7-811d258700a2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed**τl> ]Ɋ& 5!Xτl> F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=82c4e701-73e4-4b45-8db7-811d258700a2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Va**τl> ]Ɋ& 7!Xτl> F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=82c4e701-73e4-4b45-8db7-811d258700a2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0fl> ]Ɋ& !fl> F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=82c4e701-73e4-4b45-8db7-811d258700a2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=98c3843c-bee2-47f6-a447-fb7418258152 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@l> ]Ɋ& !l> F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=82c4e701-73e4-4b45-8db7-811d258700a2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=98c3843c-bee2-47f6-a447-fb7418258152 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=890@165a Pipel ]Ɋ& meXNl> F&e=ElfChnkHQk88Mu=VysMc&&**XNl> ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! ;!XNl> F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=01dc0ea7-c7ba-498c-b624-2af2d4a19363 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pNl> ]Ɋ& !XNl> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=01dc0ea7-c7ba-498c-b624-2af2d4a19363 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmap**hNl> ]Ɋ& !XNl> F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=01dc0ea7-c7ba-498c-b624-2af2d4a19363 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oh**`Nl> ]Ɋ& !XNl> F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=01dc0ea7-c7ba-498c-b624-2af2d4a19363 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**`Nl> ]Ɋ& !XNl> F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=01dc0ea7-c7ba-498c-b624-2af2d4a19363 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hNl> ]Ɋ& !XNl> F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=01dc0ea7-c7ba-498c-b624-2af2d4a19363 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&h**Nl> ]Ɋ&  !Nl> F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=01dc0ea7-c7ba-498c-b624-2af2d4a19363 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=68dfdec7-f98b-45fb-9e32-37bcc378ea51 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=<**Nl> ]Ɋ& !Nl> F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=01dc0ea7-c7ba-498c-b624-2af2d4a19363 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=68dfdec7-f98b-45fb-9e32-37bcc378ea51 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8)l> ]Ɋ& !X)l> F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c6350f72-69ed-47a5-90cc-b512eab3f661 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P)l> ]Ɋ& !X)l> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c6350f72-69ed-47a5-90cc-b512eab3f661 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P)l> ]Ɋ& !X)l> F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c6350f72-69ed-47a5-90cc-b512eab3f661 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**H)l> ]Ɋ& !X)l> F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c6350f72-69ed-47a5-90cc-b512eab3f661 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H)l> ]Ɋ& !X)l> F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c6350f72-69ed-47a5-90cc-b512eab3f661 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=H**H)l> ]Ɋ& !X)l> F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c6350f72-69ed-47a5-90cc-b512eab3f661 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoH**)l> ]Ɋ& !)l> F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c6350f72-69ed-47a5-90cc-b512eab3f661 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=48a73f2d-57ee-4b48-8062-703e9ef0f7b5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**)l> ]Ɋ& !)l> F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c6350f72-69ed-47a5-90cc-b512eab3f661 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=48a73f2d-57ee-4b48-8062-703e9ef0f7b5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X)l> ]Ɋ& !X)l> F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=beef7c81-6a30-4426-999a-9785ba04226a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**p)l> ]Ɋ& !X)l> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=beef7c81-6a30-4426-999a-9785ba04226a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lectp**h)l> ]Ɋ& !X)l> F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=beef7c81-6a30-4426-999a-9785ba04226a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=']h**`)l> ]Ɋ& !X)l> F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=beef7c81-6a30-4426-999a-9785ba04226a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-`**`)l> ]Ɋ& !X)l> F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=beef7c81-6a30-4426-999a-9785ba04226a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C`**`)l> ]Ɋ& !X)l> F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=beef7c81-6a30-4426-999a-9785ba04226a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**l> ]Ɋ& !l> F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=beef7c81-6a30-4426-999a-9785ba04226a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=35e2e640-c72c-4344-826b-793455fe576f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**l> ]Ɋ& !l> F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=beef7c81-6a30-4426-999a-9785ba04226a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=35e2e640-c72c-4344-826b-793455fe576f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=**(l> ]Ɋ& !Xl> F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e5fdb048-a6be-4b0b-9674-663b7df54ff6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n(**@l> ]Ɋ& !Xl> F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e5fdb048-a6be-4b0b-9674-663b7df54ff6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8@**@l> ]Ɋ& !Xl> F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e5fdb048-a6be-4b0b-9674-663b7df54ff6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.ps@**8l> ]Ɋ& !Xl> F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e5fdb048-a6be-4b0b-9674-663b7df54ff6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=M:\8**8l> ]Ɋ& !Xl> F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e5fdb048-a6be-4b0b-9674-663b7df54ff6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==ef8**8l> ]Ɋ& !Xl> F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e5fdb048-a6be-4b0b-9674-663b7df54ff6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=F8**l> ]Ɋ& !l> F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e5fdb048-a6be-4b0b-9674-663b7df54ff6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=594051b4-b24b-4cef-b240-b3648211aa82 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=at**l> ]Ɋ& !l> F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e5fdb048-a6be-4b0b-9674-663b7df54ff6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=594051b4-b24b-4cef-b240-b3648211aa82 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 655**Xzl> ]Ɋ& !Xzl> F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a84de6cc-398f-4f27-a458-79387f955f13 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-X**pzl> ]Ɋ& !Xzl> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a84de6cc-398f-4f27-a458-79387f955f13 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dp**pzl> ]Ɋ& !Xzl> F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a84de6cc-398f-4f27-a458-79387f955f13 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='enp**hzl> ]Ɋ& !Xzl> F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a84de6cc-398f-4f27-a458-79387f955f13 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allh**hzl> ]Ɋ& !Xzl> F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a84de6cc-398f-4f27-a458-79387f955f13 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**hzl> ]Ɋ& !Xzl> F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a84de6cc-398f-4f27-a458-79387f955f13 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndh**zl> ]Ɋ&  !zl> F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a84de6cc-398f-4f27-a458-79387f955f13 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=27a498ba-6a32-4763-bdf6-bf24ca23b6f9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Gl> ]Ɋ& !Gl> F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a84de6cc-398f-4f27-a458-79387f955f13 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=27a498ba-6a32-4763-bdf6-bf24ca23b6f9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ost **Gl> ]Ɋ& '!XGl> F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6fe9314d-a036-4d31-8315-49bac4558350 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**Gl> ]Ɋ& ?!XGl> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6fe9314d-a036-4d31-8315-49bac4558350 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**Gl> ]Ɋ& ;!XGl> F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6fe9314d-a036-4d31-8315-49bac4558350 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam**Gl> ]Ɋ& 3!XGl> F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6fe9314d-a036-4d31-8315-49bac4558350 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ngi**Gl> ]Ɋ& 3!XGl> F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6fe9314d-a036-4d31-8315-49bac4558350 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fun**Gl> ]Ɋ& 5!XGl> F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6fe9314d-a036-4d31-8315-49bac4558350 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=**0Gl> ]Ɋ& !Gl> F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6fe9314d-a036-4d31-8315-49bac4558350 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e100a217-b779-4470-88cb-83a4015f0546 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3 0**@tDl> ]Ɋ& !tDl> F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6fe9314d-a036-4d31-8315-49bac4558350 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e100a217-b779-4470-88cb-83a4015f0546 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2 @pelineId=  ]Ɋ& maXv@ F&165a Pipel ]Ɋ& meXNl> F&e=ElfChnk66hP<ŐU{[Mu=VysMc&&**v@ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !Xv@ F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2137e0ab-5345-48b4-b363-bee811922148 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**v@ ]Ɋ& A!Xv@ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2137e0ab-5345-48b4-b363-bee811922148 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 655**v@ ]Ɋ& =!Xv@ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2137e0ab-5345-48b4-b363-bee811922148 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iv**v@ ]Ɋ& 5!Xv@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2137e0ab-5345-48b4-b363-bee811922148 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l ** v@ ]Ɋ& 5!Xv@  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2137e0ab-5345-48b4-b363-bee811922148 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=01** v@ ]Ɋ& 7!Xv@  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2137e0ab-5345-48b4-b363-bee811922148 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c**0 v@ ]Ɋ& !v@  F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2137e0ab-5345-48b4-b363-bee811922148 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b9875153-c551-443f-8118-05fe45a9045f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u0**@ @ ]Ɋ& !@  F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2137e0ab-5345-48b4-b363-bee811922148 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b9875153-c551-443f-8118-05fe45a9045f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F@**X :@ ]Ɋ& !X:@  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7a6aaf08-eb3b-4cde-8c69-1c3227548bf4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p:@ ]Ɋ& !X:@ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7a6aaf08-eb3b-4cde-8c69-1c3227548bf4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!p**h:@ ]Ɋ& !X:@ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7a6aaf08-eb3b-4cde-8c69-1c3227548bf4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`:@ ]Ɋ& !X:@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7a6aaf08-eb3b-4cde-8c69-1c3227548bf4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`:@ ]Ɋ& !X:@ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7a6aaf08-eb3b-4cde-8c69-1c3227548bf4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h:@ ]Ɋ& !X:@ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7a6aaf08-eb3b-4cde-8c69-1c3227548bf4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tarth**:@ ]Ɋ&  !:@ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7a6aaf08-eb3b-4cde-8c69-1c3227548bf4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=127ac5d9-ed2d-4ec6-8634-abefcbfe5158 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **6@ ]Ɋ& !6@ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7a6aaf08-eb3b-4cde-8c69-1c3227548bf4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=127ac5d9-ed2d-4ec6-8634-abefcbfe5158 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mb**8g@ ]Ɋ& !Xg@ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5ba52473-be32-471c-b894-a087e5982a67 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ne8**Pg@ ]Ɋ& !Xg@ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5ba52473-be32-471c-b894-a087e5982a67 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=P**Pg@ ]Ɋ& !Xg@ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5ba52473-be32-471c-b894-a087e5982a67 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rtedP**Hg@ ]Ɋ& !Xg@ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5ba52473-be32-471c-b894-a087e5982a67 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=FuH**Hg@ ]Ɋ& !Xg@ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5ba52473-be32-471c-b894-a087e5982a67 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH**Hg@ ]Ɋ& !Xg@ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5ba52473-be32-471c-b894-a087e5982a67 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=>H**g@ ]Ɋ& !g@ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5ba52473-be32-471c-b894-a087e5982a67 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b4a1834f-1c84-4a8e-b490-a71ebf60fb1f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ila**g@ ]Ɋ& !g@ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5ba52473-be32-471c-b894-a087e5982a67 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b4a1834f-1c84-4a8e-b490-a71ebf60fb1f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Xg@ ]Ɋ& !Xg@ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e7046f19-7117-4d1d-a1b0-d4281595600c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pg@ ]Ɋ& !Xg@ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e7046f19-7117-4d1d-a1b0-d4281595600c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pe= p**hg@ ]Ɋ& !Xg@ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e7046f19-7117-4d1d-a1b0-d4281595600c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sth**` g@ ]Ɋ& !Xg@  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e7046f19-7117-4d1d-a1b0-d4281595600c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rt`**`!g@ ]Ɋ& !Xg@! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e7046f19-7117-4d1d-a1b0-d4281595600c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on`**`"g@ ]Ɋ& !Xg@" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e7046f19-7117-4d1d-a1b0-d4281595600c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**#g@ ]Ɋ& !g@# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e7046f19-7117-4d1d-a1b0-d4281595600c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7a57d34c-02bf-46be-b424-227bde0470ae PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **$g@ ]Ɋ& !g@$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e7046f19-7117-4d1d-a1b0-d4281595600c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7a57d34c-02bf-46be-b424-227bde0470ae PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(%@ ]Ɋ& !X@% F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3bcecc4e-c517-4170-9e42-244a595810d9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@&@ ]Ɋ& !X@& F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3bcecc4e-c517-4170-9e42-244a595810d9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@'@ ]Ɋ& !X@' F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3bcecc4e-c517-4170-9e42-244a595810d9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o('@**8(@ ]Ɋ& !X@( F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3bcecc4e-c517-4170-9e42-244a595810d9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayV8**8)@ ]Ɋ& !X@) F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3bcecc4e-c517-4170-9e42-244a595810d9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=M:\8**8*@ ]Ɋ& !X@* F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3bcecc4e-c517-4170-9e42-244a595810d9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um8**+@ ]Ɋ& !@+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3bcecc4e-c517-4170-9e42-244a595810d9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=85bd44a1-2cb6-4cd8-860d-4f0070bca7d0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**,*@ ]Ɋ& !*@, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3bcecc4e-c517-4170-9e42-244a595810d9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=85bd44a1-2cb6-4cd8-860d-4f0070bca7d0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me= **X-@ ]Ɋ& !X@- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2dd707db-6933-4bd8-b479-735e211d273e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rX**p.@ ]Ɋ& !X@. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2dd707db-6933-4bd8-b479-735e211d273e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==p**p/@ ]Ɋ& !X@/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2dd707db-6933-4bd8-b479-735e211d273e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8bap**h0@ ]Ɋ& !X@0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2dd707db-6933-4bd8-b479-735e211d273e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= h**h1@ ]Ɋ& !X@1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2dd707db-6933-4bd8-b479-735e211d273e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h2@ ]Ɋ& !X@2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2dd707db-6933-4bd8-b479-735e211d273e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**3@ ]Ɋ&  !@3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2dd707db-6933-4bd8-b479-735e211d273e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d4400c81-8a4b-42ba-827a-5c5b84ad3158 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **4H@ ]Ɋ& !H@4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2dd707db-6933-4bd8-b479-735e211d273e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d4400c81-8a4b-42ba-827a-5c5b84ad3158 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=hell**5H@ ]Ɋ& '!XH@5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=425c2cc9-9daa-4c08-a2b8-684cb274725d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**6H@ ]Ɋ& ?!XH@6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=425c2cc9-9daa-4c08-a2b8-684cb274725d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-31-8315-49ba ]Ɋ& reXH@7 F&ame . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e100a217-b779-4470-88cb-83a4015f0546 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2 @pelineId=  ]Ɋ& maXv@ F&165a Pipel ]Ɋ& meXNl> F&e=ElfChnk7i7i@ce^Mu=VysMc&&** 7H@ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !XH@7 F&F%g>9{p(xlMD EventDatauoData !BinaryFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=425c2cc9-9daa-4c08-a2b8-684cb274725d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **8H@ ]Ɋ& 3!XH@8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=425c2cc9-9daa-4c08-a2b8-684cb274725d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v**9H@ ]Ɋ& 3!XH@9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=425c2cc9-9daa-4c08-a2b8-684cb274725d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=811**:H@ ]Ɋ& 5!XH@: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=425c2cc9-9daa-4c08-a2b8-684cb274725d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0;H@ ]Ɋ& !H@; F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=425c2cc9-9daa-4c08-a2b8-684cb274725d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=cbeee941-e26d-434d-af17-9390ddc646f3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@<u@ ]Ɋ& !u@< F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=425c2cc9-9daa-4c08-a2b8-684cb274725d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=cbeee941-e26d-434d-af17-9390ddc646f3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Com@**=k3C ]Ɋ& )!Xk3C= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=317b5f47-9e7d-4e88-b62d-4d668fe2be1f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **>k3C ]Ɋ& A!Xk3C> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=317b5f47-9e7d-4e88-b62d-4d668fe2be1f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tSta**?k3C ]Ɋ& =!Xk3C? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=317b5f47-9e7d-4e88-b62d-4d668fe2be1f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt**@k3C ]Ɋ& 5!Xk3C@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=317b5f47-9e7d-4e88-b62d-4d668fe2be1f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**Ak3C ]Ɋ& 5!Xk3CA F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=317b5f47-9e7d-4e88-b62d-4d668fe2be1f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ve**Bk3C ]Ɋ& 7!Xk3CB F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=317b5f47-9e7d-4e88-b62d-4d668fe2be1f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g**0Ck3C ]Ɋ& !k3CC F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=317b5f47-9e7d-4e88-b62d-4d668fe2be1f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c87c608e-9b5f-4429-b5db-740641067dbb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@D@3C ]Ɋ& !@3CD F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=317b5f47-9e7d-4e88-b62d-4d668fe2be1f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c87c608e-9b5f-4429-b5db-740641067dbb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&@**XE@3C ]Ɋ& !X@3CE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=348cc28c-ca2c-4f24-b3d3-4ee4da11795a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pF@3C ]Ɋ& !X@3CF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=348cc28c-ca2c-4f24-b3d3-4ee4da11795a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hG@3C ]Ɋ& !X@3CG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=348cc28c-ca2c-4f24-b3d3-4ee4da11795a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`H@3C ]Ɋ& !X@3CH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=348cc28c-ca2c-4f24-b3d3-4ee4da11795a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`I@3C ]Ɋ& !X@3CI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=348cc28c-ca2c-4f24-b3d3-4ee4da11795a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hJ@3C ]Ɋ& !X@3CJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=348cc28c-ca2c-4f24-b3d3-4ee4da11795a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ailah**K@3C ]Ɋ&  !@3CK F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=348cc28c-ca2c-4f24-b3d3-4ee4da11795a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b416f7a6-e78e-42d1-a98c-e2ca6df9c792 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= New**L43C ]Ɋ& !43CL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=348cc28c-ca2c-4f24-b3d3-4ee4da11795a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b416f7a6-e78e-42d1-a98c-e2ca6df9c792 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ne**8M43C ]Ɋ& !X43CM F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=65cf5aca-a9fe-4ea0-a231-0cdbfd52b202 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= P8**PN43C ]Ɋ& !X43CN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=65cf5aca-a9fe-4ea0-a231-0cdbfd52b202 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=SyP**PO43C ]Ɋ& !X43CO F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=65cf5aca-a9fe-4ea0-a231-0cdbfd52b202 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&P**HP43C ]Ɋ& !X43CP F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=65cf5aca-a9fe-4ea0-a231-0cdbfd52b202 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!H**HQ43C ]Ɋ& !X43CQ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=65cf5aca-a9fe-4ea0-a231-0cdbfd52b202 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=XH**HR43C ]Ɋ& !X43CR F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=65cf5aca-a9fe-4ea0-a231-0cdbfd52b202 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**S43C ]Ɋ& !43CS F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=65cf5aca-a9fe-4ea0-a231-0cdbfd52b202 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3e36c20f-63a5-4ed8-867f-08f6e98b6304 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**T43C ]Ɋ& !43CT F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=65cf5aca-a9fe-4ea0-a231-0cdbfd52b202 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3e36c20f-63a5-4ed8-867f-08f6e98b6304 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**XU43C ]Ɋ& !X43CU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7c665b78-9d28-4b05-8c77-0ebd183bc653 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**pV43C ]Ɋ& !X43CV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7c665b78-9d28-4b05-8c77-0ebd183bc653 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-US'p**hW43C ]Ɋ& !X43CW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7c665b78-9d28-4b05-8c77-0ebd183bc653 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=arh**`X43C ]Ɋ& !X43CX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7c665b78-9d28-4b05-8c77-0ebd183bc653 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=10`**`Y43C ]Ɋ& !X43CY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7c665b78-9d28-4b05-8c77-0ebd183bc653 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed`**`Z43C ]Ɋ& !X43CZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7c665b78-9d28-4b05-8c77-0ebd183bc653 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**[43C ]Ɋ& !43C[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7c665b78-9d28-4b05-8c77-0ebd183bc653 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e71c334a-94f8-40d7-ab72-052ca9968a55 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**\m͖3C ]Ɋ& !m͖3C\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7c665b78-9d28-4b05-8c77-0ebd183bc653 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e71c334a-94f8-40d7-ab72-052ca9968a55 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cd8**(]m͖3C ]Ɋ& !Xm͖3C] F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e2ce9718-79a0-4b82-9586-1aa7fe534b8c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@^m͖3C ]Ɋ& !Xm͖3C^ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e2ce9718-79a0-4b82-9586-1aa7fe534b8c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='@**@_m͖3C ]Ɋ& !Xm͖3C_ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e2ce9718-79a0-4b82-9586-1aa7fe534b8c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ows@**8`m͖3C ]Ɋ& !Xm͖3C` F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e2ce9718-79a0-4b82-9586-1aa7fe534b8c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nso8**8am͖3C ]Ɋ& !Xm͖3Ca F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e2ce9718-79a0-4b82-9586-1aa7fe534b8c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8bm͖3C ]Ɋ& !Xm͖3Cb F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e2ce9718-79a0-4b82-9586-1aa7fe534b8c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pa8**cm͖3C ]Ɋ& !m͖3Cc F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e2ce9718-79a0-4b82-9586-1aa7fe534b8c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=52b6fd39-1eec-4ed4-addc-234a05b581a6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=at**df3C ]Ɋ& !f3Cd F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e2ce9718-79a0-4b82-9586-1aa7fe534b8c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=52b6fd39-1eec-4ed4-addc-234a05b581a6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sher**Xe13C ]Ɋ& !X13Ce F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=75eefb41-df1d-4248-b2bf-3c85c3bec573 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pf13C ]Ɋ& !X13Cf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=75eefb41-df1d-4248-b2bf-3c85c3bec573 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=np**pg13C ]Ɋ& !X13Cg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=75eefb41-df1d-4248-b2bf-3c85c3bec573 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Insp**hh13C ]Ɋ& !X13Ch F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=75eefb41-df1d-4248-b2bf-3c85c3bec573 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=edoh**hi13C ]Ɋ& !X13Ci F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=75eefb41-df1d-4248-b2bf-3c85c3bec573 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= hɊ& ]Ɋ& X13Cj F&]Ɋ& meXNl> F&e=ElfChnkjjH͝.-rMu=VysMc&&**p j13C ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! M!X13Cj F&F%g>9{p(xlMD EventDatauoData !BinaryVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=75eefb41-df1d-4248-b2bf-3c85c3bec573 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Xp **k13C ]Ɋ&  !13Ck F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=75eefb41-df1d-4248-b2bf-3c85c3bec573 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2d62da72-327b-4adf-aa9a-a988aa3bb4ce PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nc**l/3C ]Ɋ& !/3Cl F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=75eefb41-df1d-4248-b2bf-3c85c3bec573 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2d62da72-327b-4adf-aa9a-a988aa3bb4ce PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=atio**m^ș3C ]Ɋ& '!X^ș3Cm F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=467750c6-b7bb-4b8b-b7da-b56cbf1ef7db HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=A**n^ș3C ]Ɋ& ?!X^ș3Cn F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=467750c6-b7bb-4b8b-b7da-b56cbf1ef7db HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2**o^ș3C ]Ɋ& ;!X^ș3Co F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=467750c6-b7bb-4b8b-b7da-b56cbf1ef7db HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ost**p^ș3C ]Ɋ& 3!X^ș3Cp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=467750c6-b7bb-4b8b-b7da-b56cbf1ef7db HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam**q^ș3C ]Ɋ& 3!X^ș3Cq F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=467750c6-b7bb-4b8b-b7da-b56cbf1ef7db HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t **r^ș3C ]Ɋ& 5!X^ș3Cr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=467750c6-b7bb-4b8b-b7da-b56cbf1ef7db HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma**0s^ș3C ]Ɋ& !^ș3Cs F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=467750c6-b7bb-4b8b-b7da-b56cbf1ef7db HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e2a5d366-bcee-496b-a2c8-dd7b5f78ccc2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=660**@t`3C ]Ɋ& !`3Ct F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=467750c6-b7bb-4b8b-b7da-b56cbf1ef7db HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e2a5d366-bcee-496b-a2c8-dd7b5f78ccc2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand@**u~E ]Ɋ& )!X~Eu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7f408a96-60f1-4140-b11a-cea298528411 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co**v~E ]Ɋ& A!X~Ev F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7f408a96-60f1-4140-b11a-cea298528411 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=trin**w~E ]Ɋ& =!X~Ew F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7f408a96-60f1-4140-b11a-cea298528411 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=la**x~E ]Ɋ& 5!X~Ex F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7f408a96-60f1-4140-b11a-cea298528411 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**y~E ]Ɋ& 5!X~Ey F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7f408a96-60f1-4140-b11a-cea298528411 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**z~E ]Ɋ& 7!X~Ez F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7f408a96-60f1-4140-b11a-cea298528411 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**0{~E ]Ɋ& !~E{ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7f408a96-60f1-4140-b11a-cea298528411 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e36a5f91-01d7-4f47-8384-b45741adfc48 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b0**@|߱~E ]Ɋ& !߱~E| F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7f408a96-60f1-4140-b11a-cea298528411 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e36a5f91-01d7-4f47-8384-b45741adfc48 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=C@**X}x~E ]Ɋ& !Xx~E} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=10b85c12-9e7d-4b4a-961e-aabbde118386 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p~x~E ]Ɋ& !Xx~E~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=10b85c12-9e7d-4b4a-961e-aabbde118386 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hx~E ]Ɋ& !Xx~E F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=10b85c12-9e7d-4b4a-961e-aabbde118386 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`x~E ]Ɋ& !Xx~E F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=10b85c12-9e7d-4b4a-961e-aabbde118386 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`x~E ]Ɋ& !Xx~E F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=10b85c12-9e7d-4b4a-961e-aabbde118386 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hx~E ]Ɋ& !Xx~E F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=10b85c12-9e7d-4b4a-961e-aabbde118386 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Vah**x~E ]Ɋ&  !x~E F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=10b85c12-9e7d-4b4a-961e-aabbde118386 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0aa1b6e1-89fc-41c7-a7a6-99f0b5507628 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ineS**x~E ]Ɋ& !x~E F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=10b85c12-9e7d-4b4a-961e-aabbde118386 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0aa1b6e1-89fc-41c7-a7a6-99f0b5507628 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **8~E ]Ɋ& !X~E F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fb06c8f2-75c9-4b25-8810-d7032dff7c9b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=am8**P~E ]Ɋ& !X~E F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fb06c8f2-75c9-4b25-8810-d7032dff7c9b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= PP**P~E ]Ɋ& !X~E F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fb06c8f2-75c9-4b25-8810-d7032dff7c9b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leSyP**H~E ]Ɋ& !X~E F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fb06c8f2-75c9-4b25-8810-d7032dff7c9b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH**H~E ]Ɋ& !X~E F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fb06c8f2-75c9-4b25-8810-d7032dff7c9b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3CH**H~E ]Ɋ& !X~E F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fb06c8f2-75c9-4b25-8810-d7032dff7c9b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!H**~E ]Ɋ& !~E F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fb06c8f2-75c9-4b25-8810-d7032dff7c9b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0c6afcde-3e8a-47e0-bff9-eb79be4091d0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**~E ]Ɋ& !~E F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fb06c8f2-75c9-4b25-8810-d7032dff7c9b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0c6afcde-3e8a-47e0-bff9-eb79be4091d0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X~E ]Ɋ& !X~E F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=efff1ad0-acf9-4edf-a450-edc4b9372014 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p~E ]Ɋ& !X~E F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=efff1ad0-acf9-4edf-a450-edc4b9372014 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Cp**h~E ]Ɋ& !X~E F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=efff1ad0-acf9-4edf-a450-edc4b9372014 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rth**`~E ]Ɋ& !X~E F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=efff1ad0-acf9-4edf-a450-edc4b9372014 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ps`**`~E ]Ɋ& !X~E F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=efff1ad0-acf9-4edf-a450-edc4b9372014 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=os`**`~E ]Ɋ& !X~E F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=efff1ad0-acf9-4edf-a450-edc4b9372014 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=q`**~E ]Ɋ& !~E F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=efff1ad0-acf9-4edf-a450-edc4b9372014 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=733cafaf-9948-426e-9388-faef62ffedde PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b**~E ]Ɋ& !~E F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=efff1ad0-acf9-4edf-a450-edc4b9372014 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=733cafaf-9948-426e-9388-faef62ffedde PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(~E ]Ɋ& !X~E F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c80f21fb-7653-4595-acb9-f03e8c3ac37e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@~E ]Ɋ& !X~E F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c80f21fb-7653-4595-acb9-f03e8c3ac37e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S@**@~E ]Ɋ& !X~E F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c80f21fb-7653-4595-acb9-f03e8c3ac37e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=etC@**8~E ]Ɋ& !X~E F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c80f21fb-7653-4595-acb9-f03e8c3ac37e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yNa8**8~E ]Ɋ& !X~E F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c80f21fb-7653-4595-acb9-f03e8c3ac37e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n-U8**8~E ]Ɋ& !X~E F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c80f21fb-7653-4595-acb9-f03e8c3ac37e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**~E ]Ɋ& !~E F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c80f21fb-7653-4595-acb9-f03e8c3ac37e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=2b7825f6-8b10-4473-984e-8a4895db42ce PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**GB~E ]Ɋ& !GB~E F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c80f21fb-7653-4595-acb9-f03e8c3ac37e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=2b7825f6-8b10-4473-984e-8a4895db42ce PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== riptName=  ]Ɋ& X~E F&X13Cj F&]Ɋ& meXNl> F&e=ElfChnkHHMu=VysMc&&**` ~E ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! ?!X~E F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7eeb907c-7c9c-4db8-bc90-ca32bdc6d119 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ne` **p~E ]Ɋ& !X~E F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7eeb907c-7c9c-4db8-bc90-ca32bdc6d119 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rp**p~E ]Ɋ& !X~E F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7eeb907c-7c9c-4db8-bc90-ca32bdc6d119 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pelp**h~E ]Ɋ& !X~E F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7eeb907c-7c9c-4db8-bc90-ca32bdc6d119 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmah**h~E ]Ɋ& !X~E F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7eeb907c-7c9c-4db8-bc90-ca32bdc6d119 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h~E ]Ɋ& !X~E F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7eeb907c-7c9c-4db8-bc90-ca32bdc6d119 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**~E ]Ɋ&  !~E F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7eeb907c-7c9c-4db8-bc90-ca32bdc6d119 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=44a130e3-1681-4905-be7e-ed46d76085ee PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**8=~E ]Ɋ& !8=~E F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7eeb907c-7c9c-4db8-bc90-ca32bdc6d119 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=44a130e3-1681-4905-be7e-ed46d76085ee PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Comp**շ~E ]Ɋ& '!Xշ~E F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2b366b34-9b40-4c99-a3c0-d18305acc082 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**շ~E ]Ɋ& ?!Xշ~E F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2b366b34-9b40-4c99-a3c0-d18305acc082 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**շ~E ]Ɋ& ;!Xշ~E F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2b366b34-9b40-4c99-a3c0-d18305acc082 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0-b**շ~E ]Ɋ& 3!Xշ~E F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2b366b34-9b40-4c99-a3c0-d18305acc082 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=w**շ~E ]Ɋ& 3!Xշ~E F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2b366b34-9b40-4c99-a3c0-d18305acc082 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b11**շ~E ]Ɋ& 5!Xշ~E F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2b366b34-9b40-4c99-a3c0-d18305acc082 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&**0շ~E ]Ɋ& !շ~E F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2b366b34-9b40-4c99-a3c0-d18305acc082 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=32ab67f1-297b-4fa6-875e-07b0c4d0db13 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ir0**@~E ]Ɋ& !~E F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2b366b34-9b40-4c99-a3c0-d18305acc082 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=32ab67f1-297b-4fa6-875e-07b0c4d0db13 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**VG ]Ɋ& )!XVG F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ae867cdc-4a29-4abe-a541-d91a20d165fb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mman**VG ]Ɋ& A!XVG F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ae867cdc-4a29-4abe-a541-d91a20d165fb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **VG ]Ɋ& =!XVG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ae867cdc-4a29-4abe-a541-d91a20d165fb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uc**VG ]Ɋ& 5!XVG F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ae867cdc-4a29-4abe-a541-d91a20d165fb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cu**VG ]Ɋ& 5!XVG F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ae867cdc-4a29-4abe-a541-d91a20d165fb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **VG ]Ɋ& 7!XVG F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ae867cdc-4a29-4abe-a541-d91a20d165fb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **0VG ]Ɋ& !VG F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ae867cdc-4a29-4abe-a541-d91a20d165fb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=77bdc286-2e51-4638-a476-d08bef10dae6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r0**@LG ]Ɋ& !LG F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ae867cdc-4a29-4abe-a541-d91a20d165fb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=77bdc286-2e51-4638-a476-d08bef10dae6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ngi@**XLG ]Ɋ& !XLG F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f5b45ae5-6783-4407-8915-cb19e7403f0d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pLG ]Ɋ& !XLG F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f5b45ae5-6783-4407-8915-cb19e7403f0d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Enp**hLG ]Ɋ& !XLG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f5b45ae5-6783-4407-8915-cb19e7403f0d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**`LG ]Ɋ& !XLG F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f5b45ae5-6783-4407-8915-cb19e7403f0d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v`**`LG ]Ɋ& !XLG F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f5b45ae5-6783-4407-8915-cb19e7403f0d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g`**hLG ]Ɋ& !XLG F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f5b45ae5-6783-4407-8915-cb19e7403f0d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovih**G ]Ɋ&  !G F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f5b45ae5-6783-4407-8915-cb19e7403f0d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=048340e7-f8a9-4df7-ad66-6def6a5c6dbe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Con**G ]Ɋ& !G F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f5b45ae5-6783-4407-8915-cb19e7403f0d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=048340e7-f8a9-4df7-ad66-6def6a5c6dbe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=os**8G ]Ɋ& !XG F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e6b2a642-dfb4-466b-a698-4f699f78d761 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eN8**PG ]Ɋ& !XG F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e6b2a642-dfb4-466b-a698-4f699f78d761 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rtP**PG ]Ɋ& !XG F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e6b2a642-dfb4-466b-a698-4f699f78d761 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=roviP**HG ]Ɋ& !XG F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e6b2a642-dfb4-466b-a698-4f699f78d761 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ctioH**HG ]Ɋ& !XG F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e6b2a642-dfb4-466b-a698-4f699f78d761 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iderH**HG ]Ɋ& !XG F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e6b2a642-dfb4-466b-a698-4f699f78d761 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=artH**G ]Ɋ& !G F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e6b2a642-dfb4-466b-a698-4f699f78d761 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a8c19feb-0a63-4394-bebf-98d1ccc5e895 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **G ]Ɋ& !G F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e6b2a642-dfb4-466b-a698-4f699f78d761 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a8c19feb-0a63-4394-bebf-98d1ccc5e895 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**X}G ]Ɋ& !X}G F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ee69bef8-9eb4-4c95-9554-67fcafcd8dc3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p}G ]Ɋ& !X}G F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ee69bef8-9eb4-4c95-9554-67fcafcd8dc3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommap**h}G ]Ɋ& !X}G F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ee69bef8-9eb4-4c95-9554-67fcafcd8dc3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eh**`}G ]Ɋ& !X}G F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ee69bef8-9eb4-4c95-9554-67fcafcd8dc3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m.`**`}G ]Ɋ& !X}G F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ee69bef8-9eb4-4c95-9554-67fcafcd8dc3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-H`**`}G ]Ɋ& !X}G F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ee69bef8-9eb4-4c95-9554-67fcafcd8dc3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**}G ]Ɋ& !}G F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ee69bef8-9eb4-4c95-9554-67fcafcd8dc3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7bafb0e2-2cd2-4826-b25e-8ec2fcdd2b93 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**}G ]Ɋ& !}G F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ee69bef8-9eb4-4c95-9554-67fcafcd8dc3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7bafb0e2-2cd2-4826-b25e-8ec2fcdd2b93 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(}G ]Ɋ& !X}G F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=23adb069-7372-4eaf-8876-1d6aefe0f0c6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@}G ]Ɋ& !X}G F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=23adb069-7372-4eaf-8876-1d6aefe0f0c6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @riptName=  ]Ɋ& X}G F&X13Cj F&]Ɋ& meXNl> F&e=ElfChnkPtEbu"Mu=VysMc&&**@ }G ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! #!X}G F&F%g>9{p(xlMD EventDatauoData !BinarypFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=23adb069-7372-4eaf-8876-1d6aefe0f0c6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@ **8}G ]Ɋ& !X}G F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=23adb069-7372-4eaf-8876-1d6aefe0f0c6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=llD8**8}G ]Ɋ& !X}G F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=23adb069-7372-4eaf-8876-1d6aefe0f0c6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rre8**8}G ]Ɋ& !X}G F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=23adb069-7372-4eaf-8876-1d6aefe0f0c6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**GG ]Ɋ& !GG F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=23adb069-7372-4eaf-8876-1d6aefe0f0c6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=a9ac1a96-562f-4940-8072-c3b8141fdc24 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Re**ݮG ]Ɋ& !ݮG F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=23adb069-7372-4eaf-8876-1d6aefe0f0c6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=a9ac1a96-562f-4940-8072-c3b8141fdc24 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**X G ]Ɋ& !X G F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=569f336d-835b-40fd-821b-b498c20d9f6a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nX**p G ]Ɋ& !X G F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=569f336d-835b-40fd-821b-b498c20d9f6a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**p G ]Ɋ& !X G F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=569f336d-835b-40fd-821b-b498c20d9f6a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Pp**h G ]Ɋ& !X G F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=569f336d-835b-40fd-821b-b498c20d9f6a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ch**h G ]Ɋ& !X G F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=569f336d-835b-40fd-821b-b498c20d9f6a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h G ]Ɋ& !X G F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=569f336d-835b-40fd-821b-b498c20d9f6a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rth** G ]Ɋ&  ! G F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=569f336d-835b-40fd-821b-b498c20d9f6a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5b4f9cbb-ec8f-4740-9473-57bd8e774dc3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**xG ]Ɋ& !xG F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=569f336d-835b-40fd-821b-b498c20d9f6a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5b4f9cbb-ec8f-4740-9473-57bd8e774dc3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ix -**xG ]Ɋ& '!XxG F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5d3359bb-c005-4943-aa05-32825bea3af2 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**xG ]Ɋ& ?!XxG F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5d3359bb-c005-4943-aa05-32825bea3af2 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**xG ]Ɋ& ;!XxG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5d3359bb-c005-4943-aa05-32825bea3af2 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-4a**xG ]Ɋ& 3!XxG F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5d3359bb-c005-4943-aa05-32825bea3af2 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=****xG ]Ɋ& 3!XxG F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5d3359bb-c005-4943-aa05-32825bea3af2 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=abe**xG ]Ɋ& 5!XxG F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5d3359bb-c005-4943-aa05-32825bea3af2 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0xG ]Ɋ& !xG F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5d3359bb-c005-4943-aa05-32825bea3af2 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=02ac4d71-44cc-4dc0-bf3d-9993ca56e961 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ne0**@ΩG ]Ɋ& !ΩG F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5d3359bb-c005-4943-aa05-32825bea3af2 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=02ac4d71-44cc-4dc0-bf3d-9993ca56e961 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**w=J ]Ɋ& )!Xw=J F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c9d92974-489a-43da-8d6d-256abd734e89 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co**w=J ]Ɋ& A!Xw=J F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c9d92974-489a-43da-8d6d-256abd734e89 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceId**w=J ]Ɋ& =!Xw=J F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c9d92974-489a-43da-8d6d-256abd734e89 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pr**w=J ]Ɋ& 5!Xw=J F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c9d92974-489a-43da-8d6d-256abd734e89 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t/**w=J ]Ɋ& 5!Xw=J F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c9d92974-489a-43da-8d6d-256abd734e89 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3f**w=J ]Ɋ& 7!Xw=J F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c9d92974-489a-43da-8d6d-256abd734e89 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**0O=J ]Ɋ& !O=J F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c9d92974-489a-43da-8d6d-256abd734e89 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b16024fd-5b39-4d47-8f4d-96071f91b670 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u0**@樢=J ]Ɋ& !樢=J F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c9d92974-489a-43da-8d6d-256abd734e89 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b16024fd-5b39-4d47-8f4d-96071f91b670 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=New@**X|A=J ]Ɋ& !X|A=J F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=10d9a07f-c3a5-4cae-a0c3-63bcf46e7d69 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p|A=J ]Ɋ& !X|A=J F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=10d9a07f-c3a5-4cae-a0c3-63bcf46e7d69 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h|A=J ]Ɋ& !X|A=J F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=10d9a07f-c3a5-4cae-a0c3-63bcf46e7d69 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mh**`|A=J ]Ɋ& !X|A=J F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=10d9a07f-c3a5-4cae-a0c3-63bcf46e7d69 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`|A=J ]Ɋ& !X|A=J F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=10d9a07f-c3a5-4cae-a0c3-63bcf46e7d69 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e`**h|A=J ]Ɋ& !X|A=J F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=10d9a07f-c3a5-4cae-a0c3-63bcf46e7d69 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPh**|A=J ]Ɋ&  !|A=J F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=10d9a07f-c3a5-4cae-a0c3-63bcf46e7d69 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e9a83d34-00a3-4865-954f-834a477e05f0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**|A=J ]Ɋ& !|A=J F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=10d9a07f-c3a5-4cae-a0c3-63bcf46e7d69 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e9a83d34-00a3-4865-954f-834a477e05f0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **8|A=J ]Ɋ& !X|A=J F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=30a4aa2c-d21d-4a35-9ba6-14081ae2c262 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ue8**P|A=J ]Ɋ& !X|A=J F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=30a4aa2c-d21d-4a35-9ba6-14081ae2c262 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==SP**P|A=J ]Ɋ& !X|A=J F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=30a4aa2c-d21d-4a35-9ba6-14081ae2c262 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPP**H|A=J ]Ɋ& !X|A=J F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=30a4aa2c-d21d-4a35-9ba6-14081ae2c262 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==FunH**H|A=J ]Ɋ& !X|A=J F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=30a4aa2c-d21d-4a35-9ba6-14081ae2c262 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ProvH**H|A=J ]Ɋ& !X|A=J F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=30a4aa2c-d21d-4a35-9ba6-14081ae2c262 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eSH**|A=J ]Ɋ& !|A=J F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=30a4aa2c-d21d-4a35-9ba6-14081ae2c262 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a472f60a-ce3a-405d-860b-baa4730e842e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lab**ڣ=J ]Ɋ& !ڣ=J F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=30a4aa2c-d21d-4a35-9ba6-14081ae2c262 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a472f60a-ce3a-405d-860b-baa4730e842e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**Xڣ=J ]Ɋ& !Xڣ=J F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6b662c7c-c034-45ed-8e31-27b169c2b7ed HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=GX**pڣ=J ]Ɋ& !Xڣ=J F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6b662c7c-c034-45ed-8e31-27b169c2b7ed HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Cp**hڣ=J ]Ɋ& !Xڣ=J F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6b662c7c-c034-45ed-8e31-27b169c2b7ed HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 h EngineVersi ]Ɋ&  Xڣ=J F&CommandPath= CommandLine= @riptName=  ]Ɋ& X}G F&X13Cj F&]Ɋ& meXNl> F&e=ElfChnk00XV]0bjMu=VysMc&&**hڣ=J ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! E!Xڣ=J F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6b662c7c-c034-45ed-8e31-27b169c2b7ed HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sioh**`ڣ=J ]Ɋ& !Xڣ=J F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6b662c7c-c034-45ed-8e31-27b169c2b7ed HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cu`**`ڣ=J ]Ɋ& !Xڣ=J F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6b662c7c-c034-45ed-8e31-27b169c2b7ed HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@`**ڣ=J ]Ɋ& !ڣ=J F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6b662c7c-c034-45ed-8e31-27b169c2b7ed HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7fd8f18d-6067-4892-aa43-0a77323ff812 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **ڣ=J ]Ɋ& !ڣ=J F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6b662c7c-c034-45ed-8e31-27b169c2b7ed HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7fd8f18d-6067-4892-aa43-0a77323ff812 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**(r=J ]Ɋ& !Xr=J F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cb6b12bb-6451-4a13-86f2-c954264ab30c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a(**@r=J ]Ɋ& !Xr=J F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cb6b12bb-6451-4a13-86f2-c954264ab30c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m@**@r=J ]Ɋ& !Xr=J F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cb6b12bb-6451-4a13-86f2-c954264ab30c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C@**8r=J ]Ɋ& !Xr=J F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cb6b12bb-6451-4a13-86f2-c954264ab30c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n-U8**8 r=J ]Ɋ& !Xr=J  F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cb6b12bb-6451-4a13-86f2-c954264ab30c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion8**8 r=J ]Ɋ& !Xr=J  F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cb6b12bb-6451-4a13-86f2-c954264ab30c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=RE8** r=J ]Ɋ& !r=J  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cb6b12bb-6451-4a13-86f2-c954264ab30c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=a7ecf95f-ff98-44e2-b495-0d2903a80c5e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0** @ =J ]Ɋ& !@ =J  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cb6b12bb-6451-4a13-86f2-c954264ab30c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=a7ecf95f-ff98-44e2-b495-0d2903a80c5e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ider**X m<=J ]Ɋ& !Xm<=J  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=25e6a9df-a73f-446f-96d6-4997a84d2db2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**pm<=J ]Ɋ& !Xm<=J F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=25e6a9df-a73f-446f-96d6-4997a84d2db2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**pm<=J ]Ɋ& !Xm<=J F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=25e6a9df-a73f-446f-96d6-4997a84d2db2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hm<=J ]Ɋ& !Xm<=J F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=25e6a9df-a73f-446f-96d6-4997a84d2db2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sth**hm<=J ]Ɋ& !Xm<=J F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=25e6a9df-a73f-446f-96d6-4997a84d2db2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Seqh**hm<=J ]Ɋ& !Xm<=J F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=25e6a9df-a73f-446f-96d6-4997a84d2db2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5dh**m<=J ]Ɋ&  !m<=J F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=25e6a9df-a73f-446f-96d6-4997a84d2db2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=03c9ca52-c024-4b23-b808-d2abc4ac80da PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **զ=J ]Ɋ& !զ=J F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=25e6a9df-a73f-446f-96d6-4997a84d2db2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=03c9ca52-c024-4b23-b808-d2abc4ac80da PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=base**m=J ]Ɋ& '!Xm=J F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c124b52c-5374-49fd-8af3-479ea8f52d3c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**m=J ]Ɋ& ?!Xm=J F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c124b52c-5374-49fd-8af3-479ea8f52d3c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=B**m=J ]Ɋ& ;!Xm=J F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c124b52c-5374-49fd-8af3-479ea8f52d3c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eVe**m=J ]Ɋ& 3!Xm=J F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c124b52c-5374-49fd-8af3-479ea8f52d3c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=F**m=J ]Ɋ& 3!Xm=J F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c124b52c-5374-49fd-8af3-479ea8f52d3c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ers**m=J ]Ɋ& 5!Xm=J F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c124b52c-5374-49fd-8af3-479ea8f52d3c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP**0m=J ]Ɋ& !m=J F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c124b52c-5374-49fd-8af3-479ea8f52d3c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=836efcc1-fe89-4a4b-97ad-cb9576d64057 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1b0**@0=J ]Ɋ& !0=J F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c124b52c-5374-49fd-8af3-479ea8f52d3c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=836efcc1-fe89-4a4b-97ad-cb9576d64057 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed @**YrL ]Ɋ& )!XYrL F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3e9d2e58-9f79-423e-b84a-fe4d252ec9a2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**YrL ]Ɋ& A!XYrL F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3e9d2e58-9f79-423e-b84a-fe4d252ec9a2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**YrL ]Ɋ& =!XYrL F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3e9d2e58-9f79-423e-b84a-fe4d252ec9a2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ** YrL ]Ɋ& 5!XYrL  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3e9d2e58-9f79-423e-b84a-fe4d252ec9a2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**!YrL ]Ɋ& 5!XYrL! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3e9d2e58-9f79-423e-b84a-fe4d252ec9a2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pr**"YrL ]Ɋ& 7!XYrL" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3e9d2e58-9f79-423e-b84a-fe4d252ec9a2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**0#YrL ]Ɋ& !YrL# F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3e9d2e58-9f79-423e-b84a-fe4d252ec9a2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=22f395e3-79af-45bc-a313-67beb44bfe12 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@$rL ]Ɋ& !rL$ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3e9d2e58-9f79-423e-b84a-fe4d252ec9a2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=22f395e3-79af-45bc-a313-67beb44bfe12 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==10@**X%I#tL ]Ɋ& !XI#tL% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=70dd2f3f-078f-420a-931d-a37bc9be17c2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ConX**p&I#tL ]Ɋ& !XI#tL& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=70dd2f3f-078f-420a-931d-a37bc9be17c2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVp**h'I#tL ]Ɋ& !XI#tL' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=70dd2f3f-078f-420a-931d-a37bc9be17c2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Hh**`(I#tL ]Ɋ& !XI#tL( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=70dd2f3f-078f-420a-931d-a37bc9be17c2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a`**`)I#tL ]Ɋ& !XI#tL) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=70dd2f3f-078f-420a-931d-a37bc9be17c2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5`**h*I#tL ]Ɋ& !XI#tL* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=70dd2f3f-078f-420a-931d-a37bc9be17c2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ae2ch**+I#tL ]Ɋ&  !I#tL+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=70dd2f3f-078f-420a-931d-a37bc9be17c2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a6798c8c-26f5-4371-b9ac-ec8fcd28c73d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=us |**,I#tL ]Ɋ& !I#tL, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=70dd2f3f-078f-420a-931d-a37bc9be17c2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a6798c8c-26f5-4371-b9ac-ec8fcd28c73d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sE**8-߻tL ]Ɋ& !X߻tL- F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7f49f529-71f4-4fa1-bee9-a6bba908dd15 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=el8**P.߻tL ]Ɋ& !X߻tL. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7f49f529-71f4-4fa1-bee9-a6bba908dd15 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=liP**P/߻tL ]Ɋ& !X߻tL/ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7f49f529-71f4-4fa1-bee9-a6bba908dd15 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c2b7P**H0߻tL ]Ɋ& !X߻tL0 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7f49f529-71f4-4fa1-bee9-a6bba908dd15 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH]Ɋ& ]Ɋ& l>X߻tL1 ElfChnk1a1aH+]Mu=VysMc&&**H1߻tL ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! )!X߻tL1 F&F%g>9{p(xlMD EventDatauoData !BinaryvRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7f49f529-71f4-4fa1-bee9-a6bba908dd15 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mH**H2߻tL ]Ɋ& !X߻tL2 F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7f49f529-71f4-4fa1-bee9-a6bba908dd15 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmaH**3߻tL ]Ɋ& !߻tL3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7f49f529-71f4-4fa1-bee9-a6bba908dd15 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=005b51a4-ff77-47a7-acb8-672acf41c07e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**4߻tL ]Ɋ& !߻tL4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7f49f529-71f4-4fa1-bee9-a6bba908dd15 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=005b51a4-ff77-47a7-acb8-672acf41c07e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**X5vTuL ]Ɋ& !XvTuL5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9897f0b3-abfa-4fe8-a4ef-cf5e10ce5dbe HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ComX**p6vTuL ]Ɋ& !XvTuL6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9897f0b3-abfa-4fe8-a4ef-cf5e10ce5dbe HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allep**h7vTuL ]Ɋ& !XvTuL7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9897f0b3-abfa-4fe8-a4ef-cf5e10ce5dbe HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='ih**`8vTuL ]Ɋ& !XvTuL8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9897f0b3-abfa-4fe8-a4ef-cf5e10ce5dbe HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ow`**`9vTuL ]Ɋ& !XvTuL9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9897f0b3-abfa-4fe8-a4ef-cf5e10ce5dbe HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`:vTuL ]Ɋ& !XvTuL: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9897f0b3-abfa-4fe8-a4ef-cf5e10ce5dbe HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**;vTuL ]Ɋ& !vTuL; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9897f0b3-abfa-4fe8-a4ef-cf5e10ce5dbe HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1f83a1a9-9bcf-4b70-937d-1087fb363420 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**<vTuL ]Ɋ& !vTuL< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9897f0b3-abfa-4fe8-a4ef-cf5e10ce5dbe HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1f83a1a9-9bcf-4b70-937d-1087fb363420 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **(=vTuL ]Ɋ& !XvTuL= F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e667c279-3624-49fd-8ec3-0bbbe0f67236 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c(**@>vTuL ]Ɋ& !XvTuL> F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e667c279-3624-49fd-8ec3-0bbbe0f67236 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n@**@?vTuL ]Ɋ& !XvTuL? F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e667c279-3624-49fd-8ec3-0bbbe0f67236 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e]:@**8@vTuL ]Ɋ& !XvTuL@ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e667c279-3624-49fd-8ec3-0bbbe0f67236 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tal8**8AvTuL ]Ɋ& !XvTuLA F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e667c279-3624-49fd-8ec3-0bbbe0f67236 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.08**8BvTuL ]Ɋ& !XvTuLB F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e667c279-3624-49fd-8ec3-0bbbe0f67236 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**CvTuL ]Ɋ& !vTuLC F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e667c279-3624-49fd-8ec3-0bbbe0f67236 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=475a1ecb-f62f-430b-9cc5-d8607193d0e9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **DvL ]Ɋ& !vLD F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e667c279-3624-49fd-8ec3-0bbbe0f67236 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=475a1ecb-f62f-430b-9cc5-d8607193d0e9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=trin**XEжwL ]Ɋ& !XжwLE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=72b47ecb-5a40-4519-9882-3ea2bcad8bc0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pFжwL ]Ɋ& !XжwLF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=72b47ecb-5a40-4519-9882-3ea2bcad8bc0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**pGжwL ]Ɋ& !XжwLG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=72b47ecb-5a40-4519-9882-3ea2bcad8bc0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Culp**hHжwL ]Ɋ& !XжwLH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=72b47ecb-5a40-4519-9882-3ea2bcad8bc0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Obh**hIжwL ]Ɋ& !XжwLI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=72b47ecb-5a40-4519-9882-3ea2bcad8bc0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Pih**hJжwL ]Ɋ& !XжwLJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=72b47ecb-5a40-4519-9882-3ea2bcad8bc0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ath**KжwL ]Ɋ&  !жwLK F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=72b47ecb-5a40-4519-9882-3ea2bcad8bc0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7117981f-d115-4e20-a5ed-ad0f35c92d19 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**LfOxL ]Ɋ& !fOxLL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=72b47ecb-5a40-4519-9882-3ea2bcad8bc0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7117981f-d115-4e20-a5ed-ad0f35c92d19 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ame=**MfOxL ]Ɋ& '!XfOxLM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=566fc2a0-da9d-4fa6-b9a3-cc9f19dde70e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **NfOxL ]Ɋ& ?!XfOxLN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=566fc2a0-da9d-4fa6-b9a3-cc9f19dde70e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**OfOxL ]Ɋ& ;!XfOxLO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=566fc2a0-da9d-4fa6-b9a3-cc9f19dde70e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed**PfOxL ]Ɋ& 3!XfOxLP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=566fc2a0-da9d-4fa6-b9a3-cc9f19dde70e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=th **QfOxL ]Ɋ& 3!XfOxLQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=566fc2a0-da9d-4fa6-b9a3-cc9f19dde70e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rov**RfOxL ]Ɋ& 5!XfOxLR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=566fc2a0-da9d-4fa6-b9a3-cc9f19dde70e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=En**0SfOxL ]Ɋ& !fOxLS F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=566fc2a0-da9d-4fa6-b9a3-cc9f19dde70e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=0aebe366-13d9-479d-a448-cf01276fabaf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=en0**@TyL ]Ɋ& !yLT F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=566fc2a0-da9d-4fa6-b9a3-cc9f19dde70e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=0aebe366-13d9-479d-a448-cf01276fabaf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-67b@**UwN ]Ɋ& )!XwNU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c81353c1-9952-4cb3-956e-e53ea41000a0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayNa**VwN ]Ɋ& A!XwNV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c81353c1-9952-4cb3-956e-e53ea41000a0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pace**WwN ]Ɋ& =!XwNW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c81353c1-9952-4cb3-956e-e53ea41000a0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a3**XwN ]Ɋ& 5!XwNX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c81353c1-9952-4cb3-956e-e53ea41000a0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C**YwN ]Ɋ& 5!XwNY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c81353c1-9952-4cb3-956e-e53ea41000a0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr**ZwN ]Ɋ& 7!XwNZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c81353c1-9952-4cb3-956e-e53ea41000a0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=I**0[wN ]Ɋ& !wN[ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c81353c1-9952-4cb3-956e-e53ea41000a0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f5d121bd-9687-4ce0-a16e-a7c509d9db40 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@\,N ]Ɋ& !,N\ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c81353c1-9952-4cb3-956e-e53ea41000a0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f5d121bd-9687-4ce0-a16e-a7c509d9db40 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm@**X],N ]Ɋ& !X,N] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ed49d7fd-7270-42ff-9251-4359953adf04 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNaX**p^,N ]Ɋ& !X,N^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ed49d7fd-7270-42ff-9251-4359953adf04 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNp**h_,N ]Ɋ& !X,N_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ed49d7fd-7270-42ff-9251-4359953adf04 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**``,N ]Ɋ& !X,N` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ed49d7fd-7270-42ff-9251-4359953adf04 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`a,N ]Ɋ& !X,Na F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ed49d7fd-7270-42ff-9251-4359953adf04 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==` FH] ]Ɋ& X,Nb F& ElfChnkbbUKCMu=VysMc&&**hb,N ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! I!X,Nb F&F%g>9{p(xlMD EventDatauoData !BinaryVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ed49d7fd-7270-42ff-9251-4359953adf04 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**c,N ]Ɋ&  !,Nc F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ed49d7fd-7270-42ff-9251-4359953adf04 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=66138bef-09b1-4ca2-aba6-9db66cb8b1f4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=߸**dAN ]Ɋ& !ANd F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ed49d7fd-7270-42ff-9251-4359953adf04 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=66138bef-09b1-4ca2-aba6-9db66cb8b1f4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8eAN ]Ɋ& !XANe F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=40a82639-5b8c-4bb0-ba5b-9c1b32a84b77 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**PfAN ]Ɋ& !XANf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=40a82639-5b8c-4bb0-ba5b-9c1b32a84b77 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**PgAN ]Ɋ& !XANg F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=40a82639-5b8c-4bb0-ba5b-9c1b32a84b77 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&P**HhAN ]Ɋ& !XANh F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=40a82639-5b8c-4bb0-ba5b-9c1b32a84b77 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**H**HiAN ]Ɋ& !XANi F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=40a82639-5b8c-4bb0-ba5b-9c1b32a84b77 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dLinH**HjAN ]Ɋ& !XANj F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=40a82639-5b8c-4bb0-ba5b-9c1b32a84b77 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= H**kAN ]Ɋ& !ANk F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=40a82639-5b8c-4bb0-ba5b-9c1b32a84b77 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=77673425-35d9-499f-8e8a-a7b16b8da475 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=;**lAN ]Ɋ& !ANl F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=40a82639-5b8c-4bb0-ba5b-9c1b32a84b77 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=77673425-35d9-499f-8e8a-a7b16b8da475 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**XmAN ]Ɋ& !XANm F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1240882d-d568-4e33-bfce-36208ebba4fe HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=TypeX**pnAN ]Ɋ& !XANn F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1240882d-d568-4e33-bfce-36208ebba4fe HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| sep**hoAN ]Ɋ& !XANo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1240882d-d568-4e33-bfce-36208ebba4fe HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=edh**`pAN ]Ɋ& !XANp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1240882d-d568-4e33-bfce-36208ebba4fe HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l `**`qAN ]Ɋ& !XANq F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1240882d-d568-4e33-bfce-36208ebba4fe HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Na`**`rAN ]Ɋ& !XANr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1240882d-d568-4e33-bfce-36208ebba4fe HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**sYڏN ]Ɋ& !YڏNs F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1240882d-d568-4e33-bfce-36208ebba4fe HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=426dc57a-748a-4d24-ad53-827fd07dfada PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**tYڏN ]Ɋ& !YڏNt F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1240882d-d568-4e33-bfce-36208ebba4fe HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=426dc57a-748a-4d24-ad53-827fd07dfada PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptN**(uYڏN ]Ɋ& !XYڏNu F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e0cca9d0-37ff-49bf-8099-d998a0c8d715 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p(**@vYڏN ]Ɋ& !XYڏNv F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e0cca9d0-37ff-49bf-8099-d998a0c8d715 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==@**@wYڏN ]Ɋ& !XYڏNw F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e0cca9d0-37ff-49bf-8099-d998a0c8d715 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e($@**8xYڏN ]Ɋ& !XYڏNx F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e0cca9d0-37ff-49bf-8099-d998a0c8d715 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HK8**8yYڏN ]Ɋ& !XYڏNy F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e0cca9d0-37ff-49bf-8099-d998a0c8d715 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stI8**8zYڏN ]Ɋ& !XYڏNz F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e0cca9d0-37ff-49bf-8099-d998a0c8d715 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**{YڏN ]Ɋ& !YڏN{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e0cca9d0-37ff-49bf-8099-d998a0c8d715 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=abaca036-4d26-4845-8edf-47014a7578f8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=an**|rN ]Ɋ& !rN| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e0cca9d0-37ff-49bf-8099-d998a0c8d715 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=abaca036-4d26-4845-8edf-47014a7578f8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**X}9{p(xlMD EventDatauoData !BinarydAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=31051706-5f5a-4df1-a2df-54ada9fba379 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a215088b-9638-434d-8395-8f12baf83eef PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dP8**@4XQ ]Ɋ& !4XQ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=31051706-5f5a-4df1-a2df-54ada9fba379 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a215088b-9638-434d-8395-8f12baf83eef PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=neI@**X4XQ ]Ɋ& !X4XQ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c7501d5f-8cba-4141-947c-d1171995c815 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nspX**p4XQ ]Ɋ& !X4XQ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c7501d5f-8cba-4141-947c-d1171995c815 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=p**h4XQ ]Ɋ& !X4XQ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c7501d5f-8cba-4141-947c-d1171995c815 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ih**`4XQ ]Ɋ& !X4XQ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c7501d5f-8cba-4141-947c-d1171995c815 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l`**`4XQ ]Ɋ& !X4XQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c7501d5f-8cba-4141-947c-d1171995c815 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m`**h4XQ ]Ɋ& !X4XQ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c7501d5f-8cba-4141-947c-d1171995c815 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Commh**4XQ ]Ɋ&  !4XQ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c7501d5f-8cba-4141-947c-d1171995c815 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=74c6623a-745f-4e4c-b8b9-8415cd2d86f0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**7A5XQ ]Ɋ& !7A5XQ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c7501d5f-8cba-4141-947c-d1171995c815 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=74c6623a-745f-4e4c-b8b9-8415cd2d86f0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**87A5XQ ]Ɋ& !X7A5XQ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6b10e6f0-562f-439c-b0d9-eccfbb45ff0c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me8**P7A5XQ ]Ɋ& !X7A5XQ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6b10e6f0-562f-439c-b0d9-eccfbb45ff0c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=amP**P7A5XQ ]Ɋ& !X7A5XQ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6b10e6f0-562f-439c-b0d9-eccfbb45ff0c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=andTP**H7A5XQ ]Ɋ& !X7A5XQ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6b10e6f0-562f-439c-b0d9-eccfbb45ff0c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommaH**H7A5XQ ]Ɋ& !X7A5XQ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6b10e6f0-562f-439c-b0d9-eccfbb45ff0c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=elinH**H7A5XQ ]Ɋ& !X7A5XQ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6b10e6f0-562f-439c-b0d9-eccfbb45ff0c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceIH**7A5XQ ]Ɋ& !7A5XQ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6b10e6f0-562f-439c-b0d9-eccfbb45ff0c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=43c51f67-808b-47b0-976f-32b075e06634 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndN**5XQ ]Ɋ& !5XQ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6b10e6f0-562f-439c-b0d9-eccfbb45ff0c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=43c51f67-808b-47b0-976f-32b075e06634 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **X5XQ ]Ɋ& !X5XQ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=45a10193-2990-44f5-87ae-f2feae9b55de HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==426X**p5XQ ]Ɋ& !X5XQ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=45a10193-2990-44f5-87ae-f2feae9b55de HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izatp**h5XQ ]Ɋ& !X5XQ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=45a10193-2990-44f5-87ae-f2feae9b55de HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=seh**`5XQ ]Ɋ& !X5XQ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=45a10193-2990-44f5-87ae-f2feae9b55de HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0`**`5XQ ]Ɋ& !X5XQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=45a10193-2990-44f5-87ae-f2feae9b55de HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ov`**`5XQ ]Ɋ& !X5XQ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=45a10193-2990-44f5-87ae-f2feae9b55de HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**5XQ ]Ɋ& !5XQ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=45a10193-2990-44f5-87ae-f2feae9b55de HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ae39f000-fbd6-40c4-bad8-009733c715ec PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**5XQ ]Ɋ& !5XQ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=45a10193-2990-44f5-87ae-f2feae9b55de HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ae39f000-fbd6-40c4-bad8-009733c715ec PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ine**(dr6XQ ]Ɋ& !Xdr6XQ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fdca6d62-189d-4c41-9b53-5181414ab24a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@dr6XQ ]Ɋ& !Xdr6XQ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fdca6d62-189d-4c41-9b53-5181414ab24a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o@**@dr6XQ ]Ɋ& !Xdr6XQ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fdca6d62-189d-4c41-9b53-5181414ab24a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=spl@**8dr6XQ ]Ɋ& !Xdr6XQ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fdca6d62-189d-4c41-9b53-5181414ab24a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tur8**8dr6XQ ]Ɋ& !Xdr6XQ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fdca6d62-189d-4c41-9b53-5181414ab24a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sta8**8dr6XQ ]Ɋ& !Xdr6XQ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fdca6d62-189d-4c41-9b53-5181414ab24a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**dr6XQ ]Ɋ& !dr6XQ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fdca6d62-189d-4c41-9b53-5181414ab24a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=64b67c2c-64da-43ad-b485-a14d19e2d9cf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ru** 7XQ ]Ɋ& ! 7XQ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fdca6d62-189d-4c41-9b53-5181414ab24a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=64b67c2c-64da-43ad-b485-a14d19e2d9cf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion.**X(<8XQ ]Ɋ& !X(<8XQ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=175d2164-4573-499a-9aeb-1cf57d30d12c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=aX**p(<8XQ ]Ɋ& !X(<8XQ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=175d2164-4573-499a-9aeb-1cf57d30d12c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=zp**p(<8XQ ]Ɋ& !X(<8XQ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=175d2164-4573-499a-9aeb-1cf57d30d12c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tiep**h(<8XQ ]Ɋ& !X(<8XQ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=175d2164-4573-499a-9aeb-1cf57d30d12c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eInh**h(<8XQ ]Ɋ& !X(<8XQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=175d2164-4573-499a-9aeb-1cf57d30d12c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sorh**h(<8XQ ]Ɋ& !X(<8XQ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=175d2164-4573-499a-9aeb-1cf57d30d12c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**(<8XQ ]Ɋ&  !(<8XQ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=175d2164-4573-499a-9aeb-1cf57d30d12c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fa8314c8-51f5-460f-8ed0-22fa7795adb0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8XQ ]Ɋ& !8XQ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=175d2164-4573-499a-9aeb-1cf57d30d12c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fa8314c8-51f5-460f-8ed0-22fa7795adb0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Var**8XQ ]Ɋ& '!X8XQ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5b71ee61-b441-42d2-8469-5fc1f366ddf1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**8XQ ]Ɋ& ?!X8XQ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5b71ee61-b441-42d2-8469-5fc1f366ddf1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8XQ ]Ɋ& ;!X8XQ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5b71ee61-b441-42d2-8469-5fc1f366ddf1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8XQ ]Ɋ& 3!X8XQ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5b71ee61-b441-42d2-8469-5fc1f366ddf1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wer**8XQ ]Ɋ& 3!X8XQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5b71ee61-b441-42d2-8469-5fc1f366ddf1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8XQ ]Ɋ& 5!X8XQ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5b71ee61-b441-42d2-8469-5fc1f366ddf1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-tFirewallPro ]Ɋ& 358XQ F&d= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP**tw3XQ ]Ɋ& 7!Xtw3XQ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=31051706-5f5a-4df1-a2df-54ada9fba379 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnkHDV*";Mu=VysMc&&**8 8XQ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !8XQ F&F%g>9{p(xlMD EventDatauoData !BinarybAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5b71ee61-b441-42d2-8469-5fc1f366ddf1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=0bc1672d-e9c5-4883-8854-4f1647ba96ab PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6-58 **@:XQ ]Ɋ& !:XQ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5b71ee61-b441-42d2-8469-5fc1f366ddf1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=0bc1672d-e9c5-4883-8854-4f1647ba96ab PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Scri@**qdS ]Ɋ& )!XqdS F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9d8cbad2-a05f-4b30-95c0-60033a588214 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eng**qdS ]Ɋ& A!XqdS F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9d8cbad2-a05f-4b30-95c0-60033a588214 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uct **qdS ]Ɋ& =!XqdS F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9d8cbad2-a05f-4b30-95c0-60033a588214 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **qdS ]Ɋ& 5!XqdS F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9d8cbad2-a05f-4b30-95c0-60033a588214 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=41**qdS ]Ɋ& 5!XqdS F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9d8cbad2-a05f-4b30-95c0-60033a588214 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**qdS ]Ɋ& 7!XqdS F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9d8cbad2-a05f-4b30-95c0-60033a588214 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**0qdS ]Ɋ& !qdS F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9d8cbad2-a05f-4b30-95c0-60033a588214 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=336ba9a6-4717-4c52-b51e-5eb2bfa6e026 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@S ]Ɋ& !S F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9d8cbad2-a05f-4b30-95c0-60033a588214 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=336ba9a6-4717-4c52-b51e-5eb2bfa6e026 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Lin@**XS ]Ɋ& !XS F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=03e351ba-9505-4547-973a-79c4d48a23d4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pS ]Ɋ& !XS F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=03e351ba-9505-4547-973a-79c4d48a23d4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hS ]Ɋ& !XS F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=03e351ba-9505-4547-973a-79c4d48a23d4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`S ]Ɋ& !XS F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=03e351ba-9505-4547-973a-79c4d48a23d4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`S ]Ɋ& !XS F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=03e351ba-9505-4547-973a-79c4d48a23d4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hS ]Ɋ& !XS F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=03e351ba-9505-4547-973a-79c4d48a23d4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5XQh**S ]Ɋ&  !S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=03e351ba-9505-4547-973a-79c4d48a23d4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f708a08d-1b07-4124-a9a2-bcac529988ce PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&**S ]Ɋ& !S F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=03e351ba-9505-4547-973a-79c4d48a23d4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f708a08d-1b07-4124-a9a2-bcac529988ce PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ar**84.S ]Ɋ& !X4.S F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cb27bae6-23cb-4567-ad6e-aacd92fc428d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P4.S ]Ɋ& !X4.S F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cb27bae6-23cb-4567-ad6e-aacd92fc428d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P4.S ]Ɋ& !X4.S F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cb27bae6-23cb-4567-ad6e-aacd92fc428d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!P**H4.S ]Ɋ& !X4.S F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cb27bae6-23cb-4567-ad6e-aacd92fc428d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H4.S ]Ɋ& !X4.S F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cb27bae6-23cb-4567-ad6e-aacd92fc428d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H4.S ]Ɋ& !X4.S F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cb27bae6-23cb-4567-ad6e-aacd92fc428d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**4.S ]Ɋ& !4.S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cb27bae6-23cb-4567-ad6e-aacd92fc428d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a812e812-9c3b-461c-8c3e-73e073cc2604 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**4.S ]Ɋ& !4.S F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cb27bae6-23cb-4567-ad6e-aacd92fc428d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a812e812-9c3b-461c-8c3e-73e073cc2604 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**X4.S ]Ɋ& !X4.S F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=abb63a8e-b8a0-4a0a-96dd-7233d034179c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**p4.S ]Ɋ& !X4.S F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=abb63a8e-b8a0-4a0a-96dd-7233d034179c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ureIp**h4.S ]Ɋ& !X4.S F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=abb63a8e-b8a0-4a0a-96dd-7233d034179c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sth**`4.S ]Ɋ& !X4.S F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=abb63a8e-b8a0-4a0a-96dd-7233d034179c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6d`**`4.S ]Ɋ& !X4.S F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=abb63a8e-b8a0-4a0a-96dd-7233d034179c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr`**`4.S ]Ɋ& !X4.S F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=abb63a8e-b8a0-4a0a-96dd-7233d034179c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**4.S ]Ɋ& !4.S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=abb63a8e-b8a0-4a0a-96dd-7233d034179c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=051fe4b6-9932-40fa-bad7-c14fef5b1859 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N**S ]Ɋ& !S F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=abb63a8e-b8a0-4a0a-96dd-7233d034179c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=051fe4b6-9932-40fa-bad7-c14fef5b1859 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= R**(S ]Ɋ& !XS F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b3e958d2-523a-455f-af30-e99a2e17a32b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l(**@S ]Ɋ& !XS F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b3e958d2-523a-455f-af30-e99a2e17a32b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p@**@S ]Ɋ& !XS F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b3e958d2-523a-455f-af30-e99a2e17a32b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=KLM@**8S ]Ɋ& !XS F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b3e958d2-523a-455f-af30-e99a2e17a32b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=enc8**8S ]Ɋ& !XS F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b3e958d2-523a-455f-af30-e99a2e17a32b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8S ]Ɋ& !XS F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b3e958d2-523a-455f-af30-e99a2e17a32b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=558**S ]Ɋ& !S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b3e958d2-523a-455f-af30-e99a2e17a32b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=d19bead4-618f-4b74-8b43-dab8aa80485b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=']**a_S ]Ɋ& !a_S F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b3e958d2-523a-455f-af30-e99a2e17a32b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=d19bead4-618f-4b74-8b43-dab8aa80485b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yNam**XS ]Ɋ& !XS F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=eb62ced6-2254-44b8-84ad-57bed5a55bc8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=DX**pS ]Ɋ& !XS F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=eb62ced6-2254-44b8-84ad-57bed5a55bc8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**pS ]Ɋ& !XS F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=eb62ced6-2254-44b8-84ad-57bed5a55bc8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n,Hp**hS ]Ɋ& !XS F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=eb62ced6-2254-44b8-84ad-57bed5a55bc8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=_.ph**hS ]Ɋ& !XS F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=eb62ced6-2254-44b8-84ad-57bed5a55bc8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Culh**hS ]Ɋ& !XS F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=eb62ced6-2254-44b8-84ad-57bed5a55bc8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Sh**S ]Ɋ&  !S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=eb62ced6-2254-44b8-84ad-57bed5a55bc8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c1ad381d-6ad2-4bd9-ab00-5ecc2b8c167e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pe**%)S ]Ɋ& !%)S F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=eb62ced6-2254-44b8-84ad-57bed5a55bc8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c1ad381d-6ad2-4bd9-ab00-5ecc2b8c167e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=358XQ ]Ɋ&  CX%)S F&ommandPath= CommandLine=wP**tw3XQ ]Ɋ& 7!Xtw3XQ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=31051706-5f5a-4df1-a2df-54ada9fba379 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnk''( NBJMu=VysMc&&** %)S ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X%)S F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2c5069bc-4248-47e9-9e9b-760951be95db HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **%)S ]Ɋ& ?!X%)S F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2c5069bc-4248-47e9-9e9b-760951be95db HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**%)S ]Ɋ& ;!X%)S F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2c5069bc-4248-47e9-9e9b-760951be95db HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d **%)S ]Ɋ& 3!X%)S F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2c5069bc-4248-47e9-9e9b-760951be95db HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id=**%)S ]Ɋ& 3!X%)S F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2c5069bc-4248-47e9-9e9b-760951be95db HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=enc**%)S ]Ɋ& 5!X%)S F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2c5069bc-4248-47e9-9e9b-760951be95db HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=**0%)S ]Ɋ& !%)S F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2c5069bc-4248-47e9-9e9b-760951be95db HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=8f048b3e-420b-4f9f-9549-51f764930b41 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==10**@RZS ]Ɋ& !RZS F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2c5069bc-4248-47e9-9e9b-760951be95db HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=8f048b3e-420b-4f9f-9549-51f764930b41 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on= @**7V ]Ɋ& )!X7V F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b6b9510e-691e-4991-b097-857feb37ae24 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oduc**7V ]Ɋ& A!X7V F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b6b9510e-691e-4991-b097-857feb37ae24 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nsta**7V ]Ɋ& =!X7V F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b6b9510e-691e-4991-b097-857feb37ae24 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=47**7V ]Ɋ& 5!X7V F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b6b9510e-691e-4991-b097-857feb37ae24 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**7V ]Ɋ& 5!X7V F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b6b9510e-691e-4991-b097-857feb37ae24 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**7V ]Ɋ& 7!X7V F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b6b9510e-691e-4991-b097-857feb37ae24 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**07V ]Ɋ& !7V F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b6b9510e-691e-4991-b097-857feb37ae24 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f2f6054d-5af4-44e3-9a15-efdd3b07d8ca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==0**@hV ]Ɋ& !hV F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b6b9510e-691e-4991-b097-857feb37ae24 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f2f6054d-5af4-44e3-9a15-efdd3b07d8ca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mma@**XhV ]Ɋ& !XhV F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ee7a6b45-3bcc-48c2-9275-2349a8d3776d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manX**phV ]Ɋ& !XhV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ee7a6b45-3bcc-48c2-9275-2349a8d3776d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNp**hhV ]Ɋ& !XhV F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ee7a6b45-3bcc-48c2-9275-2349a8d3776d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dh**`hV ]Ɋ& !XhV F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ee7a6b45-3bcc-48c2-9275-2349a8d3776d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m`**` hV ]Ɋ& !XhV  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ee7a6b45-3bcc-48c2-9275-2349a8d3776d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h hV ]Ɋ& !XhV  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ee7a6b45-3bcc-48c2-9275-2349a8d3776d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.h** hV ]Ɋ&  !hV  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ee7a6b45-3bcc-48c2-9275-2349a8d3776d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=91795ead-72e6-49ec-ae61-8a0e35e3cc6a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** nV ]Ɋ& !nV  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ee7a6b45-3bcc-48c2-9275-2349a8d3776d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=91795ead-72e6-49ec-ae61-8a0e35e3cc6a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8 nV ]Ɋ& !XnV  F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c52d9338-20fb-448b-8495-6c799f5c7284 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**PnV ]Ɋ& !XnV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c52d9338-20fb-448b-8495-6c799f5c7284 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.P**PnV ]Ɋ& !XnV F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c52d9338-20fb-448b-8495-6c799f5c7284 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stP**HnV ]Ɋ& !XnV F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c52d9338-20fb-448b-8495-6c799f5c7284 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmanH**HnV ]Ɋ& !XnV F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c52d9338-20fb-448b-8495-6c799f5c7284 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndPaH**HnV ]Ɋ& !XnV F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c52d9338-20fb-448b-8495-6c799f5c7284 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ameH**nV ]Ɋ& !nV F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c52d9338-20fb-448b-8495-6c799f5c7284 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7e7ec1a6-bda8-4777-ac38-c8ce3d414bd1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **nV ]Ɋ& !nV F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c52d9338-20fb-448b-8495-6c799f5c7284 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7e7ec1a6-bda8-4777-ac38-c8ce3d414bd1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **XnV ]Ɋ& !XnV F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fcafcbba-096c-4c30-a39f-bc189314ed54 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sortX**pnV ]Ɋ& !XnV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fcafcbba-096c-4c30-a39f-bc189314ed54 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=se.pp**hnV ]Ɋ& !XnV F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fcafcbba-096c-4c30-a39f-bc189314ed54 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cah**`nV ]Ɋ& !XnV F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fcafcbba-096c-4c30-a39f-bc189314ed54 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um`**`nV ]Ɋ& !XnV F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fcafcbba-096c-4c30-a39f-bc189314ed54 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`nV ]Ɋ& !XnV F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fcafcbba-096c-4c30-a39f-bc189314ed54 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**nV ]Ɋ& !nV F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fcafcbba-096c-4c30-a39f-bc189314ed54 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a0c2932a-898a-421a-9014-ee649ee0a5d4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=R**V ]Ɋ& !V F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fcafcbba-096c-4c30-a39f-bc189314ed54 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a0c2932a-898a-421a-9014-ee649ee0a5d4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=obj**(V ]Ɋ& !XV F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=96dcb803-0890-4470-af8a-61b584c26d81 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(**@V ]Ɋ& !XV F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=96dcb803-0890-4470-af8a-61b584c26d81 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c@**@V ]Ɋ& !XV F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=96dcb803-0890-4470-af8a-61b584c26d81 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7be@**8 V ]Ɋ& !XV  F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=96dcb803-0890-4470-af8a-61b584c26d81 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ted8**8!V ]Ɋ& !XV! F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=96dcb803-0890-4470-af8a-61b584c26d81 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tNa8**8"V ]Ɋ& !XV" F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=96dcb803-0890-4470-af8a-61b584c26d81 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ge8**#V ]Ɋ& !V# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=96dcb803-0890-4470-af8a-61b584c26d81 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ab7315ff-d568-46d1-a6c9-c3ae45c24288 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=al**$2V ]Ɋ& !2V$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=96dcb803-0890-4470-af8a-61b584c26d81 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ab7315ff-d568-46d1-a6c9-c3ae45c24288 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=432N**X%cV ]Ɋ& !XcV% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c46dc9e6-52ce-4bec-b8df-24c6b740118f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=EX**p&cV ]Ɋ& !XcV& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c46dc9e6-52ce-4bec-b8df-24c6b740118f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cp**p'cV ]Ɋ& !XcV' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c46dc9e6-52ce-4bec-b8df-24c6b740118f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=pnsoleHost  ]Ɋ& f-XcV( F&n=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnk(Z(Z9}!bMu=VysMc&&**h (cV ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! K!XcV( F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c46dc9e6-52ce-4bec-b8df-24c6b740118f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h **h)cV ]Ɋ& !XcV) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c46dc9e6-52ce-4bec-b8df-24c6b740118f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leSh**h*cV ]Ɋ& !XcV* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c46dc9e6-52ce-4bec-b8df-24c6b740118f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Ch**+cV ]Ɋ&  !cV+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c46dc9e6-52ce-4bec-b8df-24c6b740118f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5b910671-2733-40d4-a4e3-379578c792a9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-**,_V ]Ɋ& !_V, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c46dc9e6-52ce-4bec-b8df-24c6b740118f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5b910671-2733-40d4-a4e3-379578c792a9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Inst**-_V ]Ɋ& '!X_V- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=959d7571-26c1-488f-8dce-c275db287801 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=,**._V ]Ɋ& ?!X_V. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=959d7571-26c1-488f-8dce-c275db287801 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**/_V ]Ɋ& ;!X_V/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=959d7571-26c1-488f-8dce-c275db287801 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nab**0_V ]Ɋ& 3!X_V0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=959d7571-26c1-488f-8dce-c275db287801 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**1_V ]Ɋ& 3!X_V1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=959d7571-26c1-488f-8dce-c275db287801 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ble**2_V ]Ɋ& 5!X_V2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=959d7571-26c1-488f-8dce-c275db287801 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ab**03V ]Ɋ& !V3 F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=959d7571-26c1-488f-8dce-c275db287801 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a12b5fa0-2b78-4259-bf0f-39c0e45a3a94 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ns0**@4-V ]Ɋ& !-V4 F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=959d7571-26c1-488f-8dce-c275db287801 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a12b5fa0-2b78-4259-bf0f-39c0e45a3a94 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=vide@**5ѫjX ]Ɋ& )!XѫjX5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c1bfd280-ec12-47e9-849e-08d577872b08 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**6ѫjX ]Ɋ& A!XѫjX6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c1bfd280-ec12-47e9-849e-08d577872b08 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Line**7ѫjX ]Ɋ& =!XѫjX7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c1bfd280-ec12-47e9-849e-08d577872b08 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mm**8ѫjX ]Ɋ& 5!XѫjX8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c1bfd280-ec12-47e9-849e-08d577872b08 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g **9ѫjX ]Ɋ& 5!XѫjX9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c1bfd280-ec12-47e9-849e-08d577872b08 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Na**:ѫjX ]Ɋ& 7!XѫjX: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c1bfd280-ec12-47e9-849e-08d577872b08 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**0;jjX ]Ɋ& !jjX; F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c1bfd280-ec12-47e9-849e-08d577872b08 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=72653556-4b64-4578-b448-75eff7716c77 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=90**@<jX ]Ɋ& !jX< F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c1bfd280-ec12-47e9-849e-08d577872b08 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=72653556-4b64-4578-b448-75eff7716c77 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=C@**X=jX ]Ɋ& !XjX= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=06983fd3-8776-4424-8a8f-1813b186e8f1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=artX**p>jX ]Ɋ& !XjX> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=06983fd3-8776-4424-8a8f-1813b186e8f1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceNp**h?jX ]Ɋ& !XjX? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=06983fd3-8776-4424-8a8f-1813b186e8f1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oh**`@jX ]Ɋ& !XjX@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=06983fd3-8776-4424-8a8f-1813b186e8f1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o`**`AjX ]Ɋ& !XjXA F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=06983fd3-8776-4424-8a8f-1813b186e8f1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s`**hBjX ]Ɋ& !XjXB F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=06983fd3-8776-4424-8a8f-1813b186e8f1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 h**CjX ]Ɋ&  !jXC F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=06983fd3-8776-4424-8a8f-1813b186e8f1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ad1a8e55-6335-45f9-a6d4-2cdd65867266 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ppli**DjX ]Ɋ& !jXD F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=06983fd3-8776-4424-8a8f-1813b186e8f1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ad1a8e55-6335-45f9-a6d4-2cdd65867266 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**8EjX ]Ɋ& !XjXE F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b62fe85e-b25e-4ede-b2a7-bf70a9edded4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f-8**PFjX ]Ɋ& !XjXF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b62fe85e-b25e-4ede-b2a7-bf70a9edded4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=baP**PGjX ]Ɋ& !XjXG F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b62fe85e-b25e-4ede-b2a7-bf70a9edded4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HP**HHjX ]Ɋ& !XjXH F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b62fe85e-b25e-4ede-b2a7-bf70a9edded4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tVerH**HIjX ]Ɋ& !XjXI F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b62fe85e-b25e-4ede-b2a7-bf70a9edded4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leHoH**HJjX ]Ɋ& !XjXJ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b62fe85e-b25e-4ede-b2a7-bf70a9edded4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stNH**KjX ]Ɋ& !jXK F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b62fe85e-b25e-4ede-b2a7-bf70a9edded4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=50b0f956-0fa4-4596-b9d0-51f34ccfe7cc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rsi**LC4jX ]Ɋ& !C4jXL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b62fe85e-b25e-4ede-b2a7-bf70a9edded4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=50b0f956-0fa4-4596-b9d0-51f34ccfe7cc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**XMC4jX ]Ɋ& !XC4jXM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=77602daf-7c4b-4731-9a3a-8004819cd1a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SX**pNC4jX ]Ɋ& !XC4jXN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=77602daf-7c4b-4731-9a3a-8004819cd1a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hOC4jX ]Ɋ& !XC4jXO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=77602daf-7c4b-4731-9a3a-8004819cd1a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=meh**`PC4jX ]Ɋ& !XC4jXP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=77602daf-7c4b-4731-9a3a-8004819cd1a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| `**`QC4jX ]Ɋ& !XC4jXQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=77602daf-7c4b-4731-9a3a-8004819cd1a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ll`**`RC4jX ]Ɋ& !XC4jXR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=77602daf-7c4b-4731-9a3a-8004819cd1a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**SC4jX ]Ɋ& !C4jXS F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=77602daf-7c4b-4731-9a3a-8004819cd1a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5da3da71-68c2-4bab-93e4-a85bd906094a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**TC4jX ]Ɋ& !C4jXT F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=77602daf-7c4b-4731-9a3a-8004819cd1a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5da3da71-68c2-4bab-93e4-a85bd906094a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uen**(U̮jX ]Ɋ& !X̮jXU F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bf8647cf-f074-48ec-be7a-4a758b600aea HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t(**@V̮jX ]Ɋ& !X̮jXV F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bf8647cf-f074-48ec-be7a-4a758b600aea HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@W̮jX ]Ɋ& !X̮jXW F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bf8647cf-f074-48ec-be7a-4a758b600aea HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mma@**8X̮jX ]Ɋ& !X̮jXX F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bf8647cf-f074-48ec-be7a-4a758b600aea HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=liz8**8Y̮jX ]Ɋ& !X̮jXY F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bf8647cf-f074-48ec-be7a-4a758b600aea HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nin8**8Z̮jX ]Ɋ& !X̮jXZ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bf8647cf-f074-48ec-be7a-4a758b600aea HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8F& ElfChnk[[@Da7Mu=VysMc&&** [̮jX ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! m!̮jX[ F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bf8647cf-f074-48ec-be7a-4a758b600aea HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=26d69bfb-6777-46cc-9105-14bcefca5bfd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sio **\pejX ]Ɋ& !pejX\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bf8647cf-f074-48ec-be7a-4a758b600aea HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=26d69bfb-6777-46cc-9105-14bcefca5bfd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izat**X]jX ]Ɋ& !XjX] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b39f52ff-17fc-4619-a2dd-9d374e0b0f04 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=GX**p^jX ]Ɋ& !XjX^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b39f52ff-17fc-4619-a2dd-9d374e0b0f04 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bp**p_jX ]Ɋ& !XjX_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b39f52ff-17fc-4619-a2dd-9d374e0b0f04 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=opep**h`jX ]Ɋ& !XjX` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b39f52ff-17fc-4619-a2dd-9d374e0b0f04 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ltuh**hajX ]Ɋ& !XjXa F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b39f52ff-17fc-4619-a2dd-9d374e0b0f04 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5 |h**hbjX ]Ɋ& !XjXb F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b39f52ff-17fc-4619-a2dd-9d374e0b0f04 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Idh**cjX ]Ɋ&  !jXc F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b39f52ff-17fc-4619-a2dd-9d374e0b0f04 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0dc7521e-d9e0-4648-853b-83aa6767b0c2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=_θ**d4/jX ]Ɋ& !4/jXd F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b39f52ff-17fc-4619-a2dd-9d374e0b0f04 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0dc7521e-d9e0-4648-853b-83aa6767b0c2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**e4/jX ]Ɋ& '!X4/jXe F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a47ae914-79bb-4ece-8f9c-8a69a4398349 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g**f4/jX ]Ɋ& ?!X4/jXf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a47ae914-79bb-4ece-8f9c-8a69a4398349 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**g4/jX ]Ɋ& ;!X4/jXg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a47ae914-79bb-4ece-8f9c-8a69a4398349 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**h4/jX ]Ɋ& 3!X4/jXh F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a47ae914-79bb-4ece-8f9c-8a69a4398349 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=p**i4/jX ]Ɋ& 3!X4/jXi F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a47ae914-79bb-4ece-8f9c-8a69a4398349 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**j4/jX ]Ɋ& 5!X4/jXj F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a47ae914-79bb-4ece-8f9c-8a69a4398349 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l **0k4/jX ]Ɋ& !4/jXk F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a47ae914-79bb-4ece-8f9c-8a69a4398349 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=6f59ea3a-7509-4766-a1bd-1708571cf972 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=la0**@la`jX ]Ɋ& !a`jXl F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a47ae914-79bb-4ece-8f9c-8a69a4398349 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=6f59ea3a-7509-4766-a1bd-1708571cf972 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng -@**mv:Z ]Ɋ& )!Xv:Zm F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b317eaba-36a1-4815-b835-0d65a1023133 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e -N**nv:Z ]Ɋ& A!Xv:Zn F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b317eaba-36a1-4815-b835-0d65a1023133 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=24-8**ov:Z ]Ɋ& =!Xv:Zo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b317eaba-36a1-4815-b835-0d65a1023133 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**pv:Z ]Ɋ& 5!Xv:Zp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b317eaba-36a1-4815-b835-0d65a1023133 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**qv:Z ]Ɋ& 5!Xv:Zq F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b317eaba-36a1-4815-b835-0d65a1023133 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**rv:Z ]Ɋ& 7!Xv:Zr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b317eaba-36a1-4815-b835-0d65a1023133 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s**0sv:Z ]Ɋ& !v:Zs F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b317eaba-36a1-4815-b835-0d65a1023133 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a2c9545f-4871-4399-bfde-065c1cb504a1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d0**@t;Z ]Ɋ& !;Zt F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b317eaba-36a1-4815-b835-0d65a1023133 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a2c9545f-4871-4399-bfde-065c1cb504a1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pel@**Xu;Z ]Ɋ& !X;Zu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3f5778cd-5c00-48ed-822e-ea81aec45762 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RX**pv;Z ]Ɋ& !X;Zv F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3f5778cd-5c00-48ed-822e-ea81aec45762 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ersp**hw;Z ]Ɋ& !X;Zw F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3f5778cd-5c00-48ed-822e-ea81aec45762 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ph**`x;Z ]Ɋ& !X;Zx F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3f5778cd-5c00-48ed-822e-ea81aec45762 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P`**`y;Z ]Ɋ& !X;Zy F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3f5778cd-5c00-48ed-822e-ea81aec45762 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**hz;Z ]Ɋ& !X;Zz F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3f5778cd-5c00-48ed-822e-ea81aec45762 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== h**{;Z ]Ɋ&  !;Z{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3f5778cd-5c00-48ed-822e-ea81aec45762 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=27c30b91-5164-4f08-a2cc-ed66a7313df7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Line**|:P9{p(xlMD EventDatauoData !Binary\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6a8797d9-9c26-48b1-b0f1-1254af754dd4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0 **@g=Z ]Ɋ& !Xg=Z F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6a8797d9-9c26-48b1-b0f1-1254af754dd4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P@**@g=Z ]Ɋ& !Xg=Z F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6a8797d9-9c26-48b1-b0f1-1254af754dd4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lue@**8g=Z ]Ɋ& !Xg=Z F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6a8797d9-9c26-48b1-b0f1-1254af754dd4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndo8**8g=Z ]Ɋ& !Xg=Z F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6a8797d9-9c26-48b1-b0f1-1254af754dd4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4 8**8g=Z ]Ɋ& !Xg=Z F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6a8797d9-9c26-48b1-b0f1-1254af754dd4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er8**g=Z ]Ɋ& !g=Z F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6a8797d9-9c26-48b1-b0f1-1254af754dd4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=fc71f5bd-5156-433e-89a1-ed02c1008903 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**>Z ]Ɋ& !>Z F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6a8797d9-9c26-48b1-b0f1-1254af754dd4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=fc71f5bd-5156-433e-89a1-ed02c1008903 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **X?Z ]Ɋ& !X?Z F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=31517ccf-e083-41b4-9b79-a60faba05acc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pX**p?Z ]Ɋ& !X?Z F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=31517ccf-e083-41b4-9b79-a60faba05acc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**p?Z ]Ɋ& !X?Z F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=31517ccf-e083-41b4-9b79-a60faba05acc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rinp**h?Z ]Ɋ& !X?Z F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=31517ccf-e083-41b4-9b79-a60faba05acc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**h?Z ]Ɋ& !X?Z F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=31517ccf-e083-41b4-9b79-a60faba05acc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ipth**h?Z ]Ɋ& !X?Z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=31517ccf-e083-41b4-9b79-a60faba05acc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**?Z ]Ɋ&  !?Z F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=31517ccf-e083-41b4-9b79-a60faba05acc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bd8c960e-0a0c-4a6c-bdb8-1cce04a5e04f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eg**W|@Z ]Ɋ& !W|@Z F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=31517ccf-e083-41b4-9b79-a60faba05acc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bd8c960e-0a0c-4a6c-bdb8-1cce04a5e04f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=914-**W|@Z ]Ɋ& '!XW|@Z F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=20f8e155-7467-4e46-b922-c462bc2d89a7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**W|@Z ]Ɋ& ?!XW|@Z F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=20f8e155-7467-4e46-b922-c462bc2d89a7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**W|@Z ]Ɋ& ;!XW|@Z F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=20f8e155-7467-4e46-b922-c462bc2d89a7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d **W|@Z ]Ɋ& 3!XW|@Z F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=20f8e155-7467-4e46-b922-c462bc2d89a7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=neI**W|@Z ]Ɋ& 3!XW|@Z F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=20f8e155-7467-4e46-b922-c462bc2d89a7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **W|@Z ]Ɋ& 5!XW|@Z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=20f8e155-7467-4e46-b922-c462bc2d89a7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma**0W|@Z ]Ɋ& !W|@Z F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=20f8e155-7467-4e46-b922-c462bc2d89a7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a09de0e0-3a4d-409d-a8ab-c57e306018c7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=si0**@AZ ]Ɋ& !AZ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=20f8e155-7467-4e46-b922-c462bc2d89a7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a09de0e0-3a4d-409d-a8ab-c57e306018c7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand@**"] ]Ɋ& )!X"] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f5c57884-53dc-42d5-9138-29ff0e1db855 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eng**"] ]Ɋ& A!X"] F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f5c57884-53dc-42d5-9138-29ff0e1db855 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oduc**"] ]Ɋ& =!X"] F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f5c57884-53dc-42d5-9138-29ff0e1db855 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mI**"] ]Ɋ& 5!X"] F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f5c57884-53dc-42d5-9138-29ff0e1db855 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-5**"] ]Ɋ& 5!X"] F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f5c57884-53dc-42d5-9138-29ff0e1db855 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=**"] ]Ɋ& 7!X"] F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f5c57884-53dc-42d5-9138-29ff0e1db855 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v**0"] ]Ɋ& !"] F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f5c57884-53dc-42d5-9138-29ff0e1db855 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2b5f72a1-a453-4ab0-aa04-9d420bab2a44 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@S] ]Ɋ& !S] F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f5c57884-53dc-42d5-9138-29ff0e1db855 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2b5f72a1-a453-4ab0-aa04-9d420bab2a44 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**XS] ]Ɋ& !XS] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=812ffedd-3b78-4897-9b07-7d5308182824 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= X**pS] ]Ɋ& !XS] F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=812ffedd-3b78-4897-9b07-7d5308182824 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=~p**hS] ]Ɋ& !XS] F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=812ffedd-3b78-4897-9b07-7d5308182824 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`S] ]Ɋ& !XS] F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=812ffedd-3b78-4897-9b07-7d5308182824 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`S] ]Ɋ& !XS] F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=812ffedd-3b78-4897-9b07-7d5308182824 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hS] ]Ɋ& !XS] F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=812ffedd-3b78-4897-9b07-7d5308182824 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**S] ]Ɋ&  !S] F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=812ffedd-3b78-4897-9b07-7d5308182824 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ebad93eb-eda0-4dec-a0de-e106c9f21e4f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=None**] ]Ɋ& !] F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=812ffedd-3b78-4897-9b07-7d5308182824 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ebad93eb-eda0-4dec-a0de-e106c9f21e4f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=**8] ]Ɋ& !X] F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ef905560-c448-4ad6-ad67-9ceb292c7a02 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P] ]Ɋ& !X] F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ef905560-c448-4ad6-ad67-9ceb292c7a02 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P] ]Ɋ& !X] F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ef905560-c448-4ad6-ad67-9ceb292c7a02 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**H] ]Ɋ& !X] F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ef905560-c448-4ad6-ad67-9ceb292c7a02 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H] ]Ɋ& !X] F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ef905560-c448-4ad6-ad67-9ceb292c7a02 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H] ]Ɋ& !X] F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ef905560-c448-4ad6-ad67-9ceb292c7a02 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&H**] ]Ɋ& !] F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ef905560-c448-4ad6-ad67-9ceb292c7a02 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2ce62ca9-b04b-441d-a935-a8c68384e9a6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**] ]Ɋ& !] F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ef905560-c448-4ad6-ad67-9ceb292c7a02 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2ce62ca9-b04b-441d-a935-a8c68384e9a6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X%] ]Ɋ& !X%] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=19f4769c-ad98-4569-8630-1e4182bf01a2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mandXne= En ]Ɋ& X%] F& F&ndPath= CommandLine=8F& ElfChnk@vX ѤMu=VysMc&&**p%] ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! Q!X%] F&F%g>9{p(xlMD EventDatauoData !BinaryEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=19f4769c-ad98-4569-8630-1e4182bf01a2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ip**h%] ]Ɋ& !X%] F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=19f4769c-ad98-4569-8630-1e4182bf01a2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o]h**`%] ]Ɋ& !X%] F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=19f4769c-ad98-4569-8630-1e4182bf01a2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=st`**`%] ]Ɋ& !X%] F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=19f4769c-ad98-4569-8630-1e4182bf01a2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=97`**`%] ]Ɋ& !X%] F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=19f4769c-ad98-4569-8630-1e4182bf01a2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**%] ]Ɋ& !%] F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=19f4769c-ad98-4569-8630-1e4182bf01a2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b8504b3b-8519-48b5-9ada-d00a7f0b738f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**%] ]Ɋ& !%] F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=19f4769c-ad98-4569-8630-1e4182bf01a2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b8504b3b-8519-48b5-9ada-d00a7f0b738f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(%] ]Ɋ& !X%] F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=215bf68e-f210-4fbb-a91e-a7d01ed349aa HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N(**@%] ]Ɋ& !X%] F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=215bf68e-f210-4fbb-a91e-a7d01ed349aa HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=I@**@%] ]Ɋ& !X%] F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=215bf68e-f210-4fbb-a91e-a7d01ed349aa HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sys@**8%] ]Ɋ& !X%] F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=215bf68e-f210-4fbb-a91e-a7d01ed349aa HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rre8**8%] ]Ɋ& !X%] F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=215bf68e-f210-4fbb-a91e-a7d01ed349aa HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=App8**8%] ]Ɋ& !X%] F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=215bf68e-f210-4fbb-a91e-a7d01ed349aa HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=un8**%] ]Ɋ& !%] F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=215bf68e-f210-4fbb-a91e-a7d01ed349aa HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=f8460eb2-2f81-4e91-892e-e60bf3e40d7e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&**] ]Ɋ& !] F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=215bf68e-f210-4fbb-a91e-a7d01ed349aa HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=f8460eb2-2f81-4e91-892e-e60bf3e40d7e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=line**XN] ]Ɋ& !XN] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a084f930-d57b-47f8-8d56-4fb45e0cb9cc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pN] ]Ɋ& !XN] F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a084f930-d57b-47f8-8d56-4fb45e0cb9cc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dp**pN] ]Ɋ& !XN] F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a084f930-d57b-47f8-8d56-4fb45e0cb9cc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dthp**hN] ]Ɋ& !XN] F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a084f930-d57b-47f8-8d56-4fb45e0cb9cc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=aceh**hN] ]Ɋ& !XN] F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a084f930-d57b-47f8-8d56-4fb45e0cb9cc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**hN] ]Ɋ& !XN] F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a084f930-d57b-47f8-8d56-4fb45e0cb9cc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**N] ]Ɋ&  !N] F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a084f930-d57b-47f8-8d56-4fb45e0cb9cc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4fd09fab-bc89-4290-899f-35794fd1c9b4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **] ]Ɋ& !] F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a084f930-d57b-47f8-8d56-4fb45e0cb9cc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4fd09fab-bc89-4290-899f-35794fd1c9b4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-4e4**] ]Ɋ& '!X] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=293c3327-457b-4b3f-b4ae-9973a238a273 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5**] ]Ɋ& ?!X] F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=293c3327-457b-4b3f-b4ae-9973a238a273 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**] ]Ɋ& ;!X] F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=293c3327-457b-4b3f-b4ae-9973a238a273 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=que**] ]Ɋ& 3!X] F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=293c3327-457b-4b3f-b4ae-9973a238a273 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Com**] ]Ɋ& 3!X] F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=293c3327-457b-4b3f-b4ae-9973a238a273 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=enc**] ]Ɋ& 5!X] F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=293c3327-457b-4b3f-b4ae-9973a238a273 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **0] ]Ɋ& !] F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=293c3327-457b-4b3f-b4ae-9973a238a273 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=86f60cfb-ce04-4671-8865-499d5bc93ef1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@] ]Ɋ& !] F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=293c3327-457b-4b3f-b4ae-9973a238a273 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=86f60cfb-ce04-4671-8865-499d5bc93ef1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== @**>}_ ]Ɋ& )!X>}_ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fc7ff55c-8f13-4c6c-8fe5-443dfa4240d7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ersi**>}_ ]Ɋ& A!X>}_ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fc7ff55c-8f13-4c6c-8fe5-443dfa4240d7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl d**>}_ ]Ɋ& =!X>}_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fc7ff55c-8f13-4c6c-8fe5-443dfa4240d7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **>}_ ]Ɋ& 5!X>}_ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fc7ff55c-8f13-4c6c-8fe5-443dfa4240d7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=97**>}_ ]Ɋ& 5!X>}_ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fc7ff55c-8f13-4c6c-8fe5-443dfa4240d7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**>}_ ]Ɋ& 7!X>}_ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fc7ff55c-8f13-4c6c-8fe5-443dfa4240d7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0>}_ ]Ɋ& !>}_ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fc7ff55c-8f13-4c6c-8fe5-443dfa4240d7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=52172c18-286d-44ae-bacb-52f9be58f6b2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v0**@0@}_ ]Ɋ& !0@}_ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fc7ff55c-8f13-4c6c-8fe5-443dfa4240d7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=52172c18-286d-44ae-bacb-52f9be58f6b2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**X@}_ ]Ɋ& !X@}_ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7ead914e-fdfe-40c7-baeb-2b67867df442 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manX**p@}_ ]Ɋ& !X@}_ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7ead914e-fdfe-40c7-baeb-2b67867df442 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h@}_ ]Ɋ& !X@}_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7ead914e-fdfe-40c7-baeb-2b67867df442 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`@}_ ]Ɋ& !X@}_ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7ead914e-fdfe-40c7-baeb-2b67867df442 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`@}_ ]Ɋ& !X@}_ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7ead914e-fdfe-40c7-baeb-2b67867df442 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h@}_ ]Ɋ& !X@}_ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7ead914e-fdfe-40c7-baeb-2b67867df442 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!h**@}_ ]Ɋ&  !@}_ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7ead914e-fdfe-40c7-baeb-2b67867df442 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=92ed80ac-c0b0-4ef3-b563-66de029fa6e5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wEng**@}_ ]Ɋ& !@}_ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7ead914e-fdfe-40c7-baeb-2b67867df442 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=92ed80ac-c0b0-4ef3-b563-66de029fa6e5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d **8-aA}_ ]Ɋ& !X-aA}_ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=42242112-6357-4f38-8574-3c0c8eb0733b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=F8**P-aA}_ ]Ɋ& !X-aA}_ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=42242112-6357-4f38-8574-3c0c8eb0733b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=PF& F&ndPath= CommandLine=8F& ElfChnk 7N WMu=VysMc&&**P-aA}_ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! 1!X-aA}_ F&F%g>9{p(xlMD EventDatauoData !Binary~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=42242112-6357-4f38-8574-3c0c8eb0733b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=CP**H-aA}_ ]Ɋ& !X-aA}_ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=42242112-6357-4f38-8574-3c0c8eb0733b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CH**H-aA}_ ]Ɋ& !X-aA}_ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=42242112-6357-4f38-8574-3c0c8eb0733b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ScrH**H-aA}_ ]Ɋ& !X-aA}_ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=42242112-6357-4f38-8574-3c0c8eb0733b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manH**-aA}_ ]Ɋ& !-aA}_ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=42242112-6357-4f38-8574-3c0c8eb0733b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=59245d17-1112-478e-b20a-7cab2bfe3bc2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm**-aA}_ ]Ɋ& !-aA}_ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=42242112-6357-4f38-8574-3c0c8eb0733b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=59245d17-1112-478e-b20a-7cab2bfe3bc2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**XA}_ ]Ɋ& !XA}_ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f907ed78-24ce-43a4-ae1e-ee7e76cee379 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=PipeX**pA}_ ]Ɋ& !XA}_ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f907ed78-24ce-43a4-ae1e-ee7e76cee379 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-US'p**hA}_ ]Ɋ& !XA}_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f907ed78-24ce-43a4-ae1e-ee7e76cee379 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=:Ph**`A}_ ]Ɋ& !XA}_ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f907ed78-24ce-43a4-ae1e-ee7e76cee379 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1e`**`A}_ ]Ɋ& !XA}_ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f907ed78-24ce-43a4-ae1e-ee7e76cee379 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ta`**`A}_ ]Ɋ& !XA}_ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f907ed78-24ce-43a4-ae1e-ee7e76cee379 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**A}_ ]Ɋ& !A}_ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f907ed78-24ce-43a4-ae1e-ee7e76cee379 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5a859434-fda5-4f86-aee8-ed0b5e200af1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**A}_ ]Ɋ& !A}_ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f907ed78-24ce-43a4-ae1e-ee7e76cee379 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5a859434-fda5-4f86-aee8-ed0b5e200af1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C**(ZB}_ ]Ɋ& !XZB}_ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1b826bed-aec2-42fc-92f9-fa15d32703f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e(**@ZB}_ ]Ɋ& !XZB}_ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1b826bed-aec2-42fc-92f9-fa15d32703f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@ZB}_ ]Ɋ& !XZB}_ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1b826bed-aec2-42fc-92f9-fa15d32703f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l='@**8ZB}_ ]Ɋ& !XZB}_ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1b826bed-aec2-42fc-92f9-fa15d32703f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Win8**8ZB}_ ]Ɋ& !XZB}_ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1b826bed-aec2-42fc-92f9-fa15d32703f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=C8**8ZB}_ ]Ɋ& !XZB}_ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1b826bed-aec2-42fc-92f9-fa15d32703f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**ZB}_ ]Ɋ& !ZB}_ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1b826bed-aec2-42fc-92f9-fa15d32703f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b34afee6-866c-4c34-96e3-f57d46bc0776 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ***C}_ ]Ɋ& !*C}_ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1b826bed-aec2-42fc-92f9-fa15d32703f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b34afee6-866c-4c34-96e3-f57d46bc0776 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=)))}**XD}_ ]Ɋ& !XD}_ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a9920412-2daa-47e0-8750-384c50eece85 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**pD}_ ]Ɋ& !XD}_ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a9920412-2daa-47e0-8750-384c50eece85 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Up**pD}_ ]Ɋ& !XD}_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a9920412-2daa-47e0-8750-384c50eece85 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=balp**hD}_ ]Ɋ& !XD}_ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a9920412-2daa-47e0-8750-384c50eece85 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-Sh**h D}_ ]Ɋ& !XD}_  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a9920412-2daa-47e0-8750-384c50eece85 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ginh**h D}_ ]Ɋ& !XD}_  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a9920412-2daa-47e0-8750-384c50eece85 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=peh** D}_ ]Ɋ&  !D}_  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a9920412-2daa-47e0-8750-384c50eece85 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1fd11adb-4625-4bf0-b65c-782b1aad2501 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** KE}_ ]Ɋ& !KE}_  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a9920412-2daa-47e0-8750-384c50eece85 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1fd11adb-4625-4bf0-b65c-782b1aad2501 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Seq** %F}_ ]Ɋ& '!X%F}_  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=331ab9c5-dc8e-4b5c-830d-89ae50412f63 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**%F}_ ]Ɋ& ?!X%F}_ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=331ab9c5-dc8e-4b5c-830d-89ae50412f63 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**%F}_ ]Ɋ& ;!X%F}_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=331ab9c5-dc8e-4b5c-830d-89ae50412f63 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**%F}_ ]Ɋ& 3!X%F}_ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=331ab9c5-dc8e-4b5c-830d-89ae50412f63 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, **%F}_ ]Ɋ& 3!X%F}_ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=331ab9c5-dc8e-4b5c-830d-89ae50412f63 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**%F}_ ]Ɋ& 5!X%F}_ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=331ab9c5-dc8e-4b5c-830d-89ae50412f63 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| **0%F}_ ]Ɋ& !%F}_ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=331ab9c5-dc8e-4b5c-830d-89ae50412f63 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=cee6f6fd-eda1-4eeb-b5a9-c8fecb4a6daa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ou0**@xF}_ ]Ɋ& !xF}_ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=331ab9c5-dc8e-4b5c-830d-89ae50412f63 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=cee6f6fd-eda1-4eeb-b5a9-c8fecb4a6daa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceId@**a ]Ɋ& )!Xa F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ab099bb7-1a1f-43b3-89aa-2a4ca3839443 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ant**a ]Ɋ& A!Xa F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ab099bb7-1a1f-43b3-89aa-2a4ca3839443 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=shel**a ]Ɋ& =!Xa F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ab099bb7-1a1f-43b3-89aa-2a4ca3839443 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI**a ]Ɋ& 5!Xa F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ab099bb7-1a1f-43b3-89aa-2a4ca3839443 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eq**a ]Ɋ& 5!Xa F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ab099bb7-1a1f-43b3-89aa-2a4ca3839443 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**a ]Ɋ& 7!Xa F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ab099bb7-1a1f-43b3-89aa-2a4ca3839443 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0Aa ]Ɋ& !Aa F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ab099bb7-1a1f-43b3-89aa-2a4ca3839443 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8d261511-6aed-4046-8e4b-e09094a221ce PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@Aa ]Ɋ& !Aa F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ab099bb7-1a1f-43b3-89aa-2a4ca3839443 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8d261511-6aed-4046-8e4b-e09094a221ce PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rip@**XAa ]Ɋ& !XAa F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1d17cc2e-826e-401d-8891-5be58441e23b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fa6X**pAa ]Ɋ& !XAa F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1d17cc2e-826e-401d-8891-5be58441e23b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNap**hAa ]Ɋ& !XAa F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1d17cc2e-826e-401d-8891-5be58441e23b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nhype= Scrip ]Ɋ& XAa  F&dLine=8F& ElfChnk O O(2\J#1Mu=VysMc&&**h Aa ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! G!XAa  F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1d17cc2e-826e-401d-8891-5be58441e23b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-aAh**`!Aa ]Ɋ& !XAa! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1d17cc2e-826e-401d-8891-5be58441e23b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h"Aa ]Ɋ& !XAa" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1d17cc2e-826e-401d-8891-5be58441e23b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**#Aa ]Ɋ&  !Aa# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1d17cc2e-826e-401d-8891-5be58441e23b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=70a58388-00c8-4e8b-ba32-c36c25c78658 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**$na ]Ɋ& !na$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1d17cc2e-826e-401d-8891-5be58441e23b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=70a58388-00c8-4e8b-ba32-c36c25c78658 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**8%na ]Ɋ& !Xna% F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a4a27abf-ef47-4413-a376-d48bfa512745 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P&na ]Ɋ& !Xna& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a4a27abf-ef47-4413-a376-d48bfa512745 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P'na ]Ɋ& !Xna' F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a4a27abf-ef47-4413-a376-d48bfa512745 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**H(na ]Ɋ& !Xna( F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a4a27abf-ef47-4413-a376-d48bfa512745 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H)na ]Ɋ& !Xna) F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a4a27abf-ef47-4413-a376-d48bfa512745 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=_H**H*na ]Ɋ& !Xna* F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a4a27abf-ef47-4413-a376-d48bfa512745 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**H**+na ]Ɋ& !na+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a4a27abf-ef47-4413-a376-d48bfa512745 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=db330a59-ebc4-4bf0-94fb-29588ec9d6d0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**,na ]Ɋ& !na, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a4a27abf-ef47-4413-a376-d48bfa512745 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=db330a59-ebc4-4bf0-94fb-29588ec9d6d0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X-sa ]Ɋ& !Xsa- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f9d1daeb-29e0-41a5-b40a-ae4b15bce4e7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmanX**p.sa ]Ɋ& !Xsa. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f9d1daeb-29e0-41a5-b40a-ae4b15bce4e7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ep**h/sa ]Ɋ& !Xsa/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f9d1daeb-29e0-41a5-b40a-ae4b15bce4e7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Glh**`0sa ]Ɋ& !Xsa0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f9d1daeb-29e0-41a5-b40a-ae4b15bce4e7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-H`**`1sa ]Ɋ& !Xsa1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f9d1daeb-29e0-41a5-b40a-ae4b15bce4e7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er`**`2sa ]Ɋ& !Xsa2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f9d1daeb-29e0-41a5-b40a-ae4b15bce4e7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t`**3sa ]Ɋ& !sa3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f9d1daeb-29e0-41a5-b40a-ae4b15bce4e7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=37bcb67d-8f45-41d5-93e9-3a7bb694f314 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**4sa ]Ɋ& !sa4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f9d1daeb-29e0-41a5-b40a-ae4b15bce4e7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=37bcb67d-8f45-41d5-93e9-3a7bb694f314 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co**(5sa ]Ɋ& !Xsa5 F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e901d22c-5ac1-4509-9929-899f18e24c2b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@6sa ]Ɋ& !Xsa6 F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e901d22c-5ac1-4509-9929-899f18e24c2b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-@**@7sa ]Ɋ& !Xsa7 F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e901d22c-5ac1-4509-9929-899f18e24c2b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ins@**88sa ]Ɋ& !Xsa8 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e901d22c-5ac1-4509-9929-899f18e24c2b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ode8**89sa ]Ɋ& !Xsa9 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e901d22c-5ac1-4509-9929-899f18e24c2b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8758**8:sa ]Ɋ& !Xsa: F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e901d22c-5ac1-4509-9929-899f18e24c2b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S8**;sa ]Ɋ& !sa; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e901d22c-5ac1-4509-9929-899f18e24c2b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=6964d0ad-0ca2-4d6f-8eee-a1ce192c650b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**<2a ]Ɋ& !2a< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e901d22c-5ac1-4509-9929-899f18e24c2b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=6964d0ad-0ca2-4d6f-8eee-a1ce192c650b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on= **X=_a ]Ɋ& !X_a= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=af3421c5-1b85-4563-9007-3f5cd6942220 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**p>_a ]Ɋ& !X_a> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=af3421c5-1b85-4563-9007-3f5cd6942220 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rp**p?_a ]Ɋ& !X_a? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=af3421c5-1b85-4563-9007-3f5cd6942220 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tedp**h@_a ]Ɋ& !X_a@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=af3421c5-1b85-4563-9007-3f5cd6942220 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eh**hA_a ]Ɋ& !X_aA F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=af3421c5-1b85-4563-9007-3f5cd6942220 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmah**hB_a ]Ɋ& !X_aB F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=af3421c5-1b85-4563-9007-3f5cd6942220 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**C_a ]Ɋ&  !_aC F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=af3421c5-1b85-4563-9007-3f5cd6942220 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fcbee28b-bea2-4945-895a-3df8c3bdff30 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **Dma ]Ɋ& !maD F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=af3421c5-1b85-4563-9007-3f5cd6942220 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fcbee28b-bea2-4945-895a-3df8c3bdff30 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 **Ema ]Ɋ& '!XmaE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d9a161cd-b41e-4b7e-b24b-4d005a23b1e1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**Fma ]Ɋ& ?!XmaF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d9a161cd-b41e-4b7e-b24b-4d005a23b1e1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b**Gma ]Ɋ& ;!XmaG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d9a161cd-b41e-4b7e-b24b-4d005a23b1e1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ide**Hma ]Ɋ& 3!XmaH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d9a161cd-b41e-4b7e-b24b-4d005a23b1e1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pac**Ima ]Ɋ& 3!XmaI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d9a161cd-b41e-4b7e-b24b-4d005a23b1e1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erS**Jma ]Ɋ& 5!XmaJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d9a161cd-b41e-4b7e-b24b-4d005a23b1e1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ip**0Kma ]Ɋ& !maK F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d9a161cd-b41e-4b7e-b24b-4d005a23b1e1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=3eb33533-5a9b-4ac4-a7e6-5b452f099545 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=le0**@L"a ]Ɋ& !"aL F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d9a161cd-b41e-4b7e-b24b-4d005a23b1e1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=3eb33533-5a9b-4ac4-a7e6-5b452f099545 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mman@**M+d ]Ɋ& )!X+dM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=01d134ac-8890-4013-8457-6815fc0df6a9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g -w**N+d ]Ɋ& A!X+dN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=01d134ac-8890-4013-8457-6815fc0df6a9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**O+d ]Ɋ& =!X+dO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=01d134ac-8890-4013-8457-6815fc0df6a9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=owshell Get-Ci ]Ɋ& sNX+dP F&playName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nhype= Scrip ]Ɋ& XAa  F&dLine=8F& ElfChnkPPp)&AI3Mu=VysMc&&**P+d ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X+dP F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=01d134ac-8890-4013-8457-6815fc0df6a9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **Q+d ]Ɋ& 5!X+dQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=01d134ac-8890-4013-8457-6815fc0df6a9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 6**R+d ]Ɋ& 7!X+dR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=01d134ac-8890-4013-8457-6815fc0df6a9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**0S+d ]Ɋ& !+dS F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=01d134ac-8890-4013-8457-6815fc0df6a9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cf0291b4-e431-458b-b01d-12d21ad80408 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@T+d ]Ɋ& !+dT F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=01d134ac-8890-4013-8457-6815fc0df6a9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cf0291b4-e431-458b-b01d-12d21ad80408 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1e2@**XU+d ]Ɋ& !X+dU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=671cbffb-9e38-4b52-91c5-a1af5a9775e3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=HosX**pV+d ]Ɋ& !X+dV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=671cbffb-9e38-4b52-91c5-a1af5a9775e3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ef4p**hW+d ]Ɋ& !X+dW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=671cbffb-9e38-4b52-91c5-a1af5a9775e3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4h**`X+d ]Ɋ& !X+dX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=671cbffb-9e38-4b52-91c5-a1af5a9775e3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`Y+d ]Ɋ& !X+dY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=671cbffb-9e38-4b52-91c5-a1af5a9775e3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a`**hZ+d ]Ɋ& !X+dZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=671cbffb-9e38-4b52-91c5-a1af5a9775e3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=hellh**[+d ]Ɋ&  !+d[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=671cbffb-9e38-4b52-91c5-a1af5a9775e3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=175ce887-ed97-4d58-8bb1-f5dcde875401 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rusS**\o+d ]Ɋ& !o+d\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=671cbffb-9e38-4b52-91c5-a1af5a9775e3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=175ce887-ed97-4d58-8bb1-f5dcde875401 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Up**8]o+d ]Ɋ& !Xo+d] F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=690afc4d-f02d-4b0d-8030-7ff4d3bc7d64 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t\8**P^o+d ]Ɋ& !Xo+d^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=690afc4d-f02d-4b0d-8030-7ff4d3bc7d64 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t P**P_o+d ]Ɋ& !Xo+d_ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=690afc4d-f02d-4b0d-8030-7ff4d3bc7d64 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ell P**H`o+d ]Ɋ& !Xo+d` F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=690afc4d-f02d-4b0d-8030-7ff4d3bc7d64 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tionH**Hao+d ]Ɋ& !Xo+da F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=690afc4d-f02d-4b0d-8030-7ff4d3bc7d64 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HosH**Hbo+d ]Ɋ& !Xo+db F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=690afc4d-f02d-4b0d-8030-7ff4d3bc7d64 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4b1H**co+d ]Ɋ& !o+dc F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=690afc4d-f02d-4b0d-8030-7ff4d3bc7d64 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=60fd8e84-d973-40ef-9c4f-278525c014f5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=p**do+d ]Ɋ& !o+dd F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=690afc4d-f02d-4b0d-8030-7ff4d3bc7d64 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=60fd8e84-d973-40ef-9c4f-278525c014f5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s**Xe+d ]Ɋ& !X+de F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=327097ca-7c25-4247-9560-32a358194ded HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e901X**pf+d ]Ɋ& !X+df F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=327097ca-7c25-4247-9560-32a358194ded HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ent p**hg+d ]Ɋ& !X+dg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=327097ca-7c25-4247-9560-32a358194ded HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`h+d ]Ɋ& !X+dh F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=327097ca-7c25-4247-9560-32a358194ded HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Co`**`i+d ]Ɋ& !X+di F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=327097ca-7c25-4247-9560-32a358194ded HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-U`**`j+d ]Ɋ& !X+dj F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=327097ca-7c25-4247-9560-32a358194ded HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=:`**k+d ]Ɋ& !+dk F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=327097ca-7c25-4247-9560-32a358194ded HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=48ea3303-b984-42e5-9f5c-4bd7e9337579 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**l+d ]Ɋ& !+dl F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=327097ca-7c25-4247-9560-32a358194ded HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=48ea3303-b984-42e5-9f5c-4bd7e9337579 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=22c**(m+d ]Ɋ& !X+dm F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ad453381-e382-4b61-804c-1c646c104af9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(**@n+d ]Ɋ& !X+dn F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ad453381-e382-4b61-804c-1c646c104af9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t@**@o+d ]Ɋ& !X+do F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ad453381-e382-4b61-804c-1c646c104af9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**8p+d ]Ɋ& !X+dp F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ad453381-e382-4b61-804c-1c646c104af9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Str8**8q+d ]Ɋ& !X+dq F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ad453381-e382-4b61-804c-1c646c104af9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=';e8**8r+d ]Ɋ& !X+dr F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ad453381-e382-4b61-804c-1c646c104af9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io8**s+d ]Ɋ& !+ds F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ad453381-e382-4b61-804c-1c646c104af9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=e6df2b97-e6e0-4945-ae0e-bfeecfa459b2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=00**tD9+d ]Ɋ& !D9+dt F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ad453381-e382-4b61-804c-1c646c104af9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=e6df2b97-e6e0-4945-ae0e-bfeecfa459b2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tate**Xu+d ]Ɋ& !X+du F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9588a246-1c26-484d-9937-99a9f564e3bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uX**pv+d ]Ɋ& !X+dv F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9588a246-1c26-484d-9937-99a9f564e3bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ap**pw+d ]Ɋ& !X+dw F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9588a246-1c26-484d-9937-99a9f564e3bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hx+d ]Ɋ& !X+dx F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9588a246-1c26-484d-9937-99a9f564e3bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt h**hy+d ]Ɋ& !X+dy F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9588a246-1c26-484d-9937-99a9f564e3bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nsoh**hz+d ]Ɋ& !X+dz F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9588a246-1c26-484d-9937-99a9f564e3bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b1h**{+d ]Ɋ&  !+d{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9588a246-1c26-484d-9937-99a9f564e3bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=55929b16-4e7d-4df6-bcff-1435af856f53 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**|+d ]Ɋ& !+d| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9588a246-1c26-484d-9937-99a9f564e3bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=55929b16-4e7d-4df6-bcff-1435af856f53 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=alue**}+d ]Ɋ& '!X+d} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b4282755-1023-4a4c-a904-b46f56d82218 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**~+d ]Ɋ& ?!X+d~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b4282755-1023-4a4c-a904-b46f56d82218 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**+d ]Ɋ& ;!X+d F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b4282755-1023-4a4c-a904-b46f56d82218 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=neI**+d ]Ɋ& 3!X+d F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b4282755-1023-4a4c-a904-b46f56d82218 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Staed Seque ]Ɋ& ioX+d F&4013-8457-6815fc0df6a9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=owshell Get-Ci ]Ɋ& sNX+dP F&playName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nhype= Scrip ]Ɋ& XAa  F&dLine=8F& ElfChnkHHrK5)Mu=VysMc&&** +d ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X+d F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b4282755-1023-4a4c-a904-b46f56d82218 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **+d ]Ɋ& 5!X+d F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b4282755-1023-4a4c-a904-b46f56d82218 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0+d ]Ɋ& !+d F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b4282755-1023-4a4c-a904-b46f56d82218 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e7725b07-094f-45b5-892b-057f779ee8a4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=450**@44+d ]Ɋ& !44+d F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b4282755-1023-4a4c-a904-b46f56d82218 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e7725b07-094f-45b5-892b-057f779ee8a4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co@**f ]Ɋ& )!Xf F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=705ad621-6dd7-49ab-8efe-fe52f2f41a75 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on= **f ]Ɋ& A!Xf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=705ad621-6dd7-49ab-8efe-fe52f2f41a75 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=play**f ]Ɋ& =!Xf F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=705ad621-6dd7-49ab-8efe-fe52f2f41a75 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= r**f ]Ɋ& 5!Xf F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=705ad621-6dd7-49ab-8efe-fe52f2f41a75 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5a**f ]Ɋ& 5!Xf F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=705ad621-6dd7-49ab-8efe-fe52f2f41a75 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ns**f ]Ɋ& 7!Xf F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=705ad621-6dd7-49ab-8efe-fe52f2f41a75 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b**0Jf ]Ɋ& !Jf F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=705ad621-6dd7-49ab-8efe-fe52f2f41a75 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2108218a-ca7e-4fcd-8d6d-fafc90f20fe0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@f ]Ɋ& !f F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=705ad621-6dd7-49ab-8efe-fe52f2f41a75 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2108218a-ca7e-4fcd-8d6d-fafc90f20fe0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**@**XG{f ]Ɋ& !XG{f F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=be8c2d4c-60a2-4427-b425-7eb0a54a019e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&X**pG{f ]Ɋ& !XG{f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=be8c2d4c-60a2-4427-b425-7eb0a54a019e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hG{f ]Ɋ& !XG{f F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=be8c2d4c-60a2-4427-b425-7eb0a54a019e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`G{f ]Ɋ& !XG{f F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=be8c2d4c-60a2-4427-b425-7eb0a54a019e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`G{f ]Ɋ& !XG{f F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=be8c2d4c-60a2-4427-b425-7eb0a54a019e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hG{f ]Ɋ& !XG{f F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=be8c2d4c-60a2-4427-b425-7eb0a54a019e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Fh**G{f ]Ɋ&  !G{f F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=be8c2d4c-60a2-4427-b425-7eb0a54a019e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0a8959d8-56ba-425f-9734-eecc86c7b0d4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oppe**G{f ]Ɋ& !G{f F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=be8c2d4c-60a2-4427-b425-7eb0a54a019e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0a8959d8-56ba-425f-9734-eecc86c7b0d4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=de**8f ]Ɋ& !Xf F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2277dd08-4888-43e2-814b-843dd5a056ad HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ro8**Pf ]Ɋ& !Xf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2277dd08-4888-43e2-814b-843dd5a056ad HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=FP**Pf ]Ɋ& !Xf F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2277dd08-4888-43e2-814b-843dd5a056ad HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=+dP**Hf ]Ɋ& !Xf F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2277dd08-4888-43e2-814b-843dd5a056ad HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!H**Hf ]Ɋ& !Xf F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2277dd08-4888-43e2-814b-843dd5a056ad HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Hf ]Ɋ& !Xf F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2277dd08-4888-43e2-814b-843dd5a056ad HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**f ]Ɋ& !f F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2277dd08-4888-43e2-814b-843dd5a056ad HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0ba4f56f-b76e-4799-ab69-e603f05b359b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**f ]Ɋ& !f F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2277dd08-4888-43e2-814b-843dd5a056ad HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0ba4f56f-b76e-4799-ab69-e603f05b359b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Xf ]Ɋ& !Xf F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9a1cb025-e03b-4d61-8c6e-e605d1ede1ef HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id= X**pf ]Ɋ& !Xf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9a1cb025-e03b-4d61-8c6e-e605d1ede1ef HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tCulp**hf ]Ɋ& !Xf F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9a1cb025-e03b-4d61-8c6e-e605d1ede1ef HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=={h**`f ]Ɋ& !Xf F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9a1cb025-e03b-4d61-8c6e-e605d1ede1ef HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=61`**`f ]Ɋ& !Xf F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9a1cb025-e03b-4d61-8c6e-e605d1ede1ef HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=vi`**`f ]Ɋ& !Xf F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9a1cb025-e03b-4d61-8c6e-e605d1ede1ef HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**f ]Ɋ& !f F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9a1cb025-e03b-4d61-8c6e-e605d1ede1ef HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=adf1980a-f73f-4b7f-9d6a-2774d37f8bb2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**tf ]Ɋ& !tf F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9a1cb025-e03b-4d61-8c6e-e605d1ede1ef HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=adf1980a-f73f-4b7f-9d6a-2774d37f8bb2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==e6**(tf ]Ɋ& !Xtf F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0b061741-d97c-4014-892a-5e9e146a4f20 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e(**@tf ]Ɋ& !Xtf F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0b061741-d97c-4014-892a-5e9e146a4f20 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@tf ]Ɋ& !Xtf F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0b061741-d97c-4014-892a-5e9e146a4f20 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=E\M@**8tf ]Ɋ& !Xtf F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0b061741-d97c-4014-892a-5e9e146a4f20 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**8tf ]Ɋ& !Xtf F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0b061741-d97c-4014-892a-5e9e146a4f20 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8tf ]Ɋ& !Xtf F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0b061741-d97c-4014-892a-5e9e146a4f20 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eV8**tf ]Ɋ& !tf F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0b061741-d97c-4014-892a-5e9e146a4f20 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=2cac9b3a-e921-4648-8c46-ae20e9493a1d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[S**Ïf ]Ɋ& !Ïf F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0b061741-d97c-4014-892a-5e9e146a4f20 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=2cac9b3a-e921-4648-8c46-ae20e9493a1d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayVe**Xeŏf ]Ɋ& !Xeŏf F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=aac241b8-73c3-46ba-b84a-54493a18e090 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**peŏf ]Ɋ& !Xeŏf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=aac241b8-73c3-46ba-b84a-54493a18e090 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rp**peŏf ]Ɋ& !Xeŏf F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=aac241b8-73c3-46ba-b84a-54493a18e090 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nstp**heŏf ]Ɋ& !Xeŏf F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=aac241b8-73c3-46ba-b84a-54493a18e090 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=perh**heŏf ]Ɋ& !Xeŏf F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=aac241b8-73c3-46ba-b84a-54493a18e090 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=::Gh**heŏf ]Ɋ& !Xeŏf F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=aac241b8-73c3-46ba-b84a-54493a18e090 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= IhtalledOn -De ]Ɋ&  !eŏf F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=aac241b8-73c3-46ba-b84a-54493a18e090 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3bee8508-44db-49c2-a5fd-141256ba6609 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnk8RUz-Mu=VysMc&&** eŏf ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !eŏf F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=aac241b8-73c3-46ba-b84a-54493a18e090 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3bee8508-44db-49c2-a5fd-141256ba6609 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=art **?Əf ]Ɋ& !?Əf F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=aac241b8-73c3-46ba-b84a-54493a18e090 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3bee8508-44db-49c2-a5fd-141256ba6609 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=4**Əf ]Ɋ& '!XƏf F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=164db23c-c22c-4273-8d31-fbfe6d14d456 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**Əf ]Ɋ& ?!XƏf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=164db23c-c22c-4273-8d31-fbfe6d14d456 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**Əf ]Ɋ& ;!XƏf F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=164db23c-c22c-4273-8d31-fbfe6d14d456 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Run**Əf ]Ɋ& 3!XƏf F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=164db23c-c22c-4273-8d31-fbfe6d14d456 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ovi**Əf ]Ɋ& 3!XƏf F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=164db23c-c22c-4273-8d31-fbfe6d14d456 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **Əf ]Ɋ& 5!XƏf F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=164db23c-c22c-4273-8d31-fbfe6d14d456 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**0Əf ]Ɋ& !Əf F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=164db23c-c22c-4273-8d31-fbfe6d14d456 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=550083d0-b5aa-4bdd-b1d1-e5ab2dbaa1e4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=180**@ ȏf ]Ɋ& ! ȏf F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=164db23c-c22c-4273-8d31-fbfe6d14d456 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=550083d0-b5aa-4bdd-b1d1-e5ab2dbaa1e4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d P@**Oh ]Ɋ& )!XOh F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fa819191-9652-40da-bfe8-6c9562c62bd4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Oh ]Ɋ& A!XOh F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fa819191-9652-40da-bfe8-6c9562c62bd4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C**Oh ]Ɋ& =!XOh F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fa819191-9652-40da-bfe8-6c9562c62bd4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **Oh ]Ɋ& 5!XOh F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fa819191-9652-40da-bfe8-6c9562c62bd4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr**Oh ]Ɋ& 5!XOh F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fa819191-9652-40da-bfe8-6c9562c62bd4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cl**Oh ]Ɋ& 7!XOh F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fa819191-9652-40da-bfe8-6c9562c62bd4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**0Oh ]Ɋ& !Oh F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fa819191-9652-40da-bfe8-6c9562c62bd4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=371eb9be-a3a9-4b10-9486-4ce040eb279e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@̀ h ]Ɋ& !̀ h F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fa819191-9652-40da-bfe8-6c9562c62bd4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=371eb9be-a3a9-4b10-9486-4ce040eb279e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=art@**X̀ h ]Ɋ& !X̀ h F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b98e0ce7-3267-4a2a-9e33-8da41cd72162 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d X**p̀ h ]Ɋ& !X̀ h F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b98e0ce7-3267-4a2a-9e33-8da41cd72162 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er=p**h̀ h ]Ɋ& !X̀ h F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b98e0ce7-3267-4a2a-9e33-8da41cd72162 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ch**`̀ h ]Ɋ& !X̀ h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b98e0ce7-3267-4a2a-9e33-8da41cd72162 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`̀ h ]Ɋ& !X̀ h F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b98e0ce7-3267-4a2a-9e33-8da41cd72162 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o`**h̀ h ]Ɋ& !X̀ h F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b98e0ce7-3267-4a2a-9e33-8da41cd72162 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tId=h**̀ h ]Ɋ&  !̀ h F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b98e0ce7-3267-4a2a-9e33-8da41cd72162 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=808a775e-7563-4785-bfb1-0775e831ffc6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=08-4**̀ h ]Ɋ& !̀ h F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b98e0ce7-3267-4a2a-9e33-8da41cd72162 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=808a775e-7563-4785-bfb1-0775e831ffc6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**8c!h ]Ɋ& !Xc!h F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f81d7202-e3c0-482f-b0f8-046ba6143993 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=038**Pc!h ]Ɋ& !Xc!h F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f81d7202-e3c0-482f-b0f8-046ba6143993 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tIP**Pc!h ]Ɋ& !Xc!h F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f81d7202-e3c0-482f-b0f8-046ba6143993 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==4.0P**Hc!h ]Ɋ& !Xc!h F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f81d7202-e3c0-482f-b0f8-046ba6143993 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HosH**Hc!h ]Ɋ& !Xc!h F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f81d7202-e3c0-482f-b0f8-046ba6143993 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ConsH**Hc!h ]Ɋ& !Xc!h F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f81d7202-e3c0-482f-b0f8-046ba6143993 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**c!h ]Ɋ& !c!h F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f81d7202-e3c0-482f-b0f8-046ba6143993 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=17ee1658-8ab9-418d-ad0c-480c503c77bb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=equ**c!h ]Ɋ& !c!h F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f81d7202-e3c0-482f-b0f8-046ba6143993 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=17ee1658-8ab9-418d-ad0c-480c503c77bb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**Xc!h ]Ɋ& !Xc!h F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f2e89e09-a9d5-4e6f-8a81-8e8211a9ae78 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pc!h ]Ɋ& !Xc!h F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f2e89e09-a9d5-4e6f-8a81-8e8211a9ae78 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Scp**hc!h ]Ɋ& !Xc!h F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f2e89e09-a9d5-4e6f-8a81-8e8211a9ae78 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dOh**`c!h ]Ɋ& !Xc!h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f2e89e09-a9d5-4e6f-8a81-8e8211a9ae78 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ns`**`c!h ]Ɋ& !Xc!h F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f2e89e09-a9d5-4e6f-8a81-8e8211a9ae78 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh`**`c!h ]Ɋ& !Xc!h F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f2e89e09-a9d5-4e6f-8a81-8e8211a9ae78 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H`**c!h ]Ɋ& !c!h F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f2e89e09-a9d5-4e6f-8a81-8e8211a9ae78 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=219a2c26-c93a-4ece-bb22-8456a0349db3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**c!h ]Ɋ& !c!h F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f2e89e09-a9d5-4e6f-8a81-8e8211a9ae78 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=219a2c26-c93a-4ece-bb22-8456a0349db3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(c!h ]Ɋ& !Xc!h F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6e76a64b-f44d-4dbd-9cd0-4b9d80ac6610 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m(**@c!h ]Ɋ& !Xc!h F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6e76a64b-f44d-4dbd-9cd0-4b9d80ac6610 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=U@**@c!h ]Ɋ& !Xc!h F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6e76a64b-f44d-4dbd-9cd0-4b9d80ac6610 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n, @**8c!h ]Ɋ& !Xc!h F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6e76a64b-f44d-4dbd-9cd0-4b9d80ac6610 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ARE8**8c!h ]Ɋ& !Xc!h F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6e76a64b-f44d-4dbd-9cd0-4b9d80ac6610 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**8c!h ]Ɋ& !Xc!h F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6e76a64b-f44d-4dbd-9cd0-4b9d80ac6610 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**c!h ]Ɋ& !c!h F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6e76a64b-f44d-4dbd-9cd0-4b9d80ac6610 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=72b97cb9-e129-4ec8-89c1-64a74601c672 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Co**J"h ]Ɋ& !J"h F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6e76a64b-f44d-4dbd-9cd0-4b9d80ac6610 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=72b97cb9-e129-4ec8-89c1-64a74601c672 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eInf**X&"h ]Ɋ& !X&"h F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=56d2e31a-c17b-499f-9d22-0aba9f9e52cd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=CXtureInfo('en ]Ɋ& 53X&"h F&aceId=3bee8508-44db-49c2-a5fd-141256ba6609 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnk0'7=9 Mu=VysMc&&**x &"h ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! W!X&"h F&F%g>9{p(xlMD EventDatauoData !BinaryEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=56d2e31a-c17b-499f-9d22-0aba9f9e52cd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== x **p&"h ]Ɋ& !X&"h F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=56d2e31a-c17b-499f-9d22-0aba9f9e52cd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== p**h&"h ]Ɋ& !X&"h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=56d2e31a-c17b-499f-9d22-0aba9f9e52cd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=h**h&"h ]Ɋ& !X&"h F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=56d2e31a-c17b-499f-9d22-0aba9f9e52cd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h&"h ]Ɋ& !X&"h F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=56d2e31a-c17b-499f-9d22-0aba9f9e52cd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh**&"h ]Ɋ&  !&"h F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=56d2e31a-c17b-499f-9d22-0aba9f9e52cd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6f310367-17b1-4ce6-8bb1-4d54de932a1a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**{#h ]Ɋ& !{#h F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=56d2e31a-c17b-499f-9d22-0aba9f9e52cd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6f310367-17b1-4ce6-8bb1-4d54de932a1a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**S$h ]Ɋ& '!XS$h F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=49044ef3-8e70-4088-88dd-87fcb775b5a0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**S$h ]Ɋ& ?!XS$h F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=49044ef3-8e70-4088-88dd-87fcb775b5a0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=w**S$h ]Ɋ& ;!XS$h F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=49044ef3-8e70-4088-88dd-87fcb775b5a0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c95**S$h ]Ɋ& 3!XS$h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=49044ef3-8e70-4088-88dd-87fcb775b5a0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**S$h ]Ɋ& 3!XS$h F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=49044ef3-8e70-4088-88dd-87fcb775b5a0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=562**S$h ]Ɋ& 5!XS$h F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=49044ef3-8e70-4088-88dd-87fcb775b5a0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0S$h ]Ɋ& !S$h F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=49044ef3-8e70-4088-88dd-87fcb775b5a0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=12ab7fb4-8e8c-45c7-a85f-bdbe81f63929 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ro0**@$h ]Ɋ& !$h F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=49044ef3-8e70-4088-88dd-87fcb775b5a0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=12ab7fb4-8e8c-45c7-a85f-bdbe81f63929 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**pQ>k ]Ɋ& )!XpQ>k F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2141a115-3b00-4b37-b533-036a19ed1826 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= **pQ>k ]Ɋ& A!XpQ>k F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2141a115-3b00-4b37-b533-036a19ed1826 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=line**pQ>k ]Ɋ& =!XpQ>k F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2141a115-3b00-4b37-b533-036a19ed1826 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= |**pQ>k ]Ɋ& 5!XpQ>k F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2141a115-3b00-4b37-b533-036a19ed1826 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt**pQ>k ]Ɋ& 5!XpQ>k F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2141a115-3b00-4b37-b533-036a19ed1826 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**pQ>k ]Ɋ& 7!XpQ>k F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2141a115-3b00-4b37-b533-036a19ed1826 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0pQ>k ]Ɋ& !pQ>k F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2141a115-3b00-4b37-b533-036a19ed1826 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=62510f8c-d14c-40f8-a25c-2cfcaeb9e98e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@ER>k ]Ɋ& !ER>k F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2141a115-3b00-4b37-b533-036a19ed1826 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=62510f8c-d14c-40f8-a25c-2cfcaeb9e98e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te=@**X4R>k ]Ɋ& !X4R>k F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f2384425-b270-4988-8df2-c1820a82b2f8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p4R>k ]Ɋ& !X4R>k F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f2384425-b270-4988-8df2-c1820a82b2f8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=menp**h4R>k ]Ɋ& !X4R>k F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f2384425-b270-4988-8df2-c1820a82b2f8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rh**`4R>k ]Ɋ& !X4R>k F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f2384425-b270-4988-8df2-c1820a82b2f8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e`**`4R>k ]Ɋ& !X4R>k F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f2384425-b270-4988-8df2-c1820a82b2f8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**h4R>k ]Ɋ& !X4R>k F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f2384425-b270-4988-8df2-c1820a82b2f8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateh**4R>k ]Ɋ&  !4R>k F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f2384425-b270-4988-8df2-c1820a82b2f8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5c50166e-0335-45a6-aa52-c3ecc64b27fd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**4R>k ]Ɋ& !4R>k F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f2384425-b270-4988-8df2-c1820a82b2f8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5c50166e-0335-45a6-aa52-c3ecc64b27fd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**84R>k ]Ɋ& !X4R>k F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=593ca499-40b9-44a6-a2f7-664e41c6ce90 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 8**P4R>k ]Ɋ& !X4R>k F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=593ca499-40b9-44a6-a2f7-664e41c6ce90 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SP**P4R>k ]Ɋ& !X4R>k F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=593ca499-40b9-44a6-a2f7-664e41c6ce90 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateP**H4R>k ]Ɋ& !X4R>k F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=593ca499-40b9-44a6-a2f7-664e41c6ce90 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPH**H 4R>k ]Ɋ& !X4R>k  F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=593ca499-40b9-44a6-a2f7-664e41c6ce90 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==RegH**H 4R>k ]Ɋ& !X4R>k  F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=593ca499-40b9-44a6-a2f7-664e41c6ce90 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovH** vS>k ]Ɋ& !vS>k  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=593ca499-40b9-44a6-a2f7-664e41c6ce90 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=34d32956-a42f-4049-941e-9ca659fcfd84 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iou** vS>k ]Ɋ& !vS>k  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=593ca499-40b9-44a6-a2f7-664e41c6ce90 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=34d32956-a42f-4049-941e-9ca659fcfd84 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **X aT>k ]Ɋ& !XaT>k  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=283335e8-a358-4712-b48f-f9ba08ee7d60 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FX**paT>k ]Ɋ& !XaT>k F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=283335e8-a358-4712-b48f-f9ba08ee7d60 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ne=p**haT>k ]Ɋ& !XaT>k F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=283335e8-a358-4712-b48f-f9ba08ee7d60 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh**`aT>k ]Ɋ& !XaT>k F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=283335e8-a358-4712-b48f-f9ba08ee7d60 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iz`**`aT>k ]Ɋ& !XaT>k F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=283335e8-a358-4712-b48f-f9ba08ee7d60 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| `**`aT>k ]Ɋ& !XaT>k F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=283335e8-a358-4712-b48f-f9ba08ee7d60 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0`**aT>k ]Ɋ& !aT>k F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=283335e8-a358-4712-b48f-f9ba08ee7d60 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a08cda6b-a877-42ef-9965-5e5b4a4bb22b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**aT>k ]Ɋ& !aT>k F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=283335e8-a358-4712-b48f-f9ba08ee7d60 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a08cda6b-a877-42ef-9965-5e5b4a4bb22b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**(aT>k ]Ɋ& !XaT>k F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4a95c096-356c-4772-8f98-b6524856e11c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@aT>k ]Ɋ& !XaT>k F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4a95c096-356c-4772-8f98-b6524856e11c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@aT>k ]Ɋ& !XaT>k F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4a95c096-356c-4772-8f98-b6524856e11c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wid@ 65535 Eng ]Ɋ& ndXaT>k F&Name= CommandPath= CommandLine=CXtureInfo('en ]Ɋ& 53X&"h F&aceId=3bee8508-44db-49c2-a5fd-141256ba6609 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnkHHpRܻXMu=VysMc&&**8 aT>k ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !XaT>k F&F%g>9{p(xlMD EventDatauoData !BinaryhFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4a95c096-356c-4772-8f98-b6524856e11c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8 **8aT>k ]Ɋ& !XaT>k F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4a95c096-356c-4772-8f98-b6524856e11c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er,8**8aT>k ]Ɋ& !XaT>k F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4a95c096-356c-4772-8f98-b6524856e11c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\W8**T>k ]Ɋ& !T>k F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4a95c096-356c-4772-8f98-b6524856e11c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=4cfbe3ff-3b10-45f3-bc19-df0deed55f82 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=56**@U>k ]Ɋ& !@U>k F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4a95c096-356c-4772-8f98-b6524856e11c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=4cfbe3ff-3b10-45f3-bc19-df0deed55f82 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iabl**XqV>k ]Ɋ& !XqV>k F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1f9a364f-9665-4867-8ed4-1ca47d7b3a60 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**pqV>k ]Ɋ& !XqV>k F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1f9a364f-9665-4867-8ed4-1ca47d7b3a60 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**pqV>k ]Ɋ& !XqV>k F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1f9a364f-9665-4867-8ed4-1ca47d7b3a60 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h qV>k ]Ɋ& !XqV>k  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1f9a364f-9665-4867-8ed4-1ca47d7b3a60 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ovih**h!qV>k ]Ɋ& !XqV>k! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1f9a364f-9665-4867-8ed4-1ca47d7b3a60 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er=h**h"qV>k ]Ɋ& !XqV>k" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1f9a364f-9665-4867-8ed4-1ca47d7b3a60 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0-h**#qV>k ]Ɋ&  !qV>k# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1f9a364f-9665-4867-8ed4-1ca47d7b3a60 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e26c7d77-3144-458f-8439-c866aa14d9c2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-O**$Q W>k ]Ɋ& !Q W>k$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1f9a364f-9665-4867-8ed4-1ca47d7b3a60 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e26c7d77-3144-458f-8439-c866aa14d9c2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ies[**%W>k ]Ɋ& '!XW>k% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7c3187f1-8637-4d4d-b31c-3024220a6f8f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r**&W>k ]Ɋ& ?!XW>k& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7c3187f1-8637-4d4d-b31c-3024220a6f8f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**'W>k ]Ɋ& ;!XW>k' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7c3187f1-8637-4d4d-b31c-3024220a6f8f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Run**(W>k ]Ɋ& 3!XW>k( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7c3187f1-8637-4d4d-b31c-3024220a6f8f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **)W>k ]Ɋ& 3!XW>k) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7c3187f1-8637-4d4d-b31c-3024220a6f8f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nsp***W>k ]Ɋ& 5!XW>k* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7c3187f1-8637-4d4d-b31c-3024220a6f8f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te**0+W>k ]Ɋ& !W>k+ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7c3187f1-8637-4d4d-b31c-3024220a6f8f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=7da3e61b-e677-4685-8ed5-7ac13299a76f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=li0**@,~;X>k ]Ɋ& !~;X>k, F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7c3187f1-8637-4d4d-b31c-3024220a6f8f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=7da3e61b-e677-4685-8ed5-7ac13299a76f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nceN@**-q_m ]Ɋ& )!Xq_m- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=efd51f2c-d2c4-4546-a05e-a6cf831670b6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nmen**.q_m ]Ɋ& A!Xq_m. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=efd51f2c-d2c4-4546-a05e-a6cf831670b6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**/q_m ]Ɋ& =!Xq_m/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=efd51f2c-d2c4-4546-a05e-a6cf831670b6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h=**0q_m ]Ɋ& 5!Xq_m0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=efd51f2c-d2c4-4546-a05e-a6cf831670b6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=li**1q_m ]Ɋ& 5!Xq_m1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=efd51f2c-d2c4-4546-a05e-a6cf831670b6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= |**2q_m ]Ɋ& 7!Xq_m2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=efd51f2c-d2c4-4546-a05e-a6cf831670b6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**03q_m ]Ɋ& !q_m3 F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=efd51f2c-d2c4-4546-a05e-a6cf831670b6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=466e7577-d12a-4548-99cf-d1081a758386 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c0**@4m ]Ɋ& !m4 F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=efd51f2c-d2c4-4546-a05e-a6cf831670b6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=466e7577-d12a-4548-99cf-d1081a758386 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=70-@**X5m ]Ɋ& !Xm5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2b1129f4-7681-44d3-a556-12dad9e40ee4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HX**p6m ]Ɋ& !Xm6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2b1129f4-7681-44d3-a556-12dad9e40ee4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 p**h7m ]Ɋ& !Xm7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2b1129f4-7681-44d3-a556-12dad9e40ee4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4h**`8m ]Ɋ& !Xm8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2b1129f4-7681-44d3-a556-12dad9e40ee4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6`**`9m ]Ɋ& !Xm9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2b1129f4-7681-44d3-a556-12dad9e40ee4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1`**h:m ]Ɋ& !Xm: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2b1129f4-7681-44d3-a556-12dad9e40ee4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stAph**;m ]Ɋ&  !m; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2b1129f4-7681-44d3-a556-12dad9e40ee4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=16ad635e-845d-49d7-8c57-90241431cbb6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=viru**<m ]Ɋ& !m< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2b1129f4-7681-44d3-a556-12dad9e40ee4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=16ad635e-845d-49d7-8c57-90241431cbb6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ti**8=m ]Ɋ& !Xm= F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d9a1c9a1-6219-45c7-9195-161e42ef93d9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bj8**P>m ]Ɋ& !Xm> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d9a1c9a1-6219-45c7-9195-161e42ef93d9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erP**P?m ]Ɋ& !Xm? F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d9a1c9a1-6219-45c7-9195-161e42ef93d9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tAppP**H@m ]Ɋ& !Xm@ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d9a1c9a1-6219-45c7-9195-161e42ef93d9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ee7dH**HAm ]Ɋ& !XmA F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d9a1c9a1-6219-45c7-9195-161e42ef93d9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-b48H**HBm ]Ɋ& !XmB F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d9a1c9a1-6219-45c7-9195-161e42ef93d9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e8-H**Cm ]Ɋ& !mC F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d9a1c9a1-6219-45c7-9195-161e42ef93d9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=168ce361-5d72-4d90-85af-204a325da152 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d60**D4)m ]Ɋ& !4)mD F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d9a1c9a1-6219-45c7-9195-161e42ef93d9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=168ce361-5d72-4d90-85af-204a325da152 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**XE4)m ]Ɋ& !X4)mE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5d2b8259-f194-4e88-a542-75e76e5df2cf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ersiX**pF4)m ]Ɋ& !X4)mF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5d2b8259-f194-4e88-a542-75e76e5df2cf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovip**hG4)m ]Ɋ& !X4)mG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5d2b8259-f194-4e88-a542-75e76e5df2cf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`H4)m ]Ɋ& !X4)mH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5d2b8259-f194-4e88-a542-75e76e5df2cf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id` PipelineId ]Ɋ&  CX4)mI F&wid@ 65535 Eng ]Ɋ& ndXaT>k F&Name= CommandPath= CommandLine=CXtureInfo('en ]Ɋ& 53X&"h F&aceId=3bee8508-44db-49c2-a5fd-141256ba6609 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnkIyIy@VcMu=VysMc&&**hI4)m ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! E!X4)mI F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5d2b8259-f194-4e88-a542-75e76e5df2cf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== h**`J4)m ]Ɋ& !X4)mJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5d2b8259-f194-4e88-a542-75e76e5df2cf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**K4)m ]Ɋ& !4)mK F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5d2b8259-f194-4e88-a542-75e76e5df2cf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3e2fcee7-f643-4098-9adb-eed9ef54c698 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**L4)m ]Ɋ& !4)mL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5d2b8259-f194-4e88-a542-75e76e5df2cf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3e2fcee7-f643-4098-9adb-eed9ef54c698 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Get**(Mm ]Ɋ& !XmM F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2a94110c-f8de-4056-bbca-2525f3e20ce7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1(**@Nm ]Ɋ& !XmN F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2a94110c-f8de-4056-bbca-2525f3e20ce7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a@**@Om ]Ɋ& !XmO F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2a94110c-f8de-4056-bbca-2525f3e20ce7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**8Pm ]Ɋ& !XmP F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2a94110c-f8de-4056-bbca-2525f3e20ce7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C8**8Qm ]Ɋ& !XmQ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2a94110c-f8de-4056-bbca-2525f3e20ce7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bal8**8Rm ]Ɋ& !XmR F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2a94110c-f8de-4056-bbca-2525f3e20ce7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in8**Sm ]Ɋ& !mS F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2a94110c-f8de-4056-bbca-2525f3e20ce7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ec6c71eb-c20d-4467-a28a-d1c02186e7f9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=RE**TaZm ]Ɋ& !aZmT F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2a94110c-f8de-4056-bbca-2525f3e20ce7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ec6c71eb-c20d-4467-a28a-d1c02186e7f9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**XUm ]Ɋ& !XmU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fe3684af-67e2-4fea-95e6-f7906d5240c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4X**pVm ]Ɋ& !XmV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fe3684af-67e2-4fea-95e6-f7906d5240c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1p**pWm ]Ɋ& !XmW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fe3684af-67e2-4fea-95e6-f7906d5240c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stap**hXm ]Ɋ& !XmX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fe3684af-67e2-4fea-95e6-f7906d5240c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVh**hYm ]Ɋ& !XmY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fe3684af-67e2-4fea-95e6-f7906d5240c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Apph**hZm ]Ɋ& !XmZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fe3684af-67e2-4fea-95e6-f7906d5240c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| h**[m ]Ɋ&  !m[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fe3684af-67e2-4fea-95e6-f7906d5240c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=65fac5e6-2b9e-4c88-8638-8e614dc526ed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sb**\%$m ]Ɋ& !%$m\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fe3684af-67e2-4fea-95e6-f7906d5240c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=65fac5e6-2b9e-4c88-8638-8e614dc526ed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ring**]%$m ]Ɋ& '!X%$m] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=09a9ba36-9f8d-4446-ba42-de46e444e552 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=O**^%$m ]Ɋ& ?!X%$m^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=09a9ba36-9f8d-4446-ba42-de46e444e552 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l**_%$m ]Ɋ& ;!X%$m_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=09a9ba36-9f8d-4446-ba42-de46e444e552 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**`%$m ]Ɋ& 3!X%$m` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=09a9ba36-9f8d-4446-ba42-de46e444e552 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==ef**a%$m ]Ɋ& 3!X%$ma F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=09a9ba36-9f8d-4446-ba42-de46e444e552 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=li**b%$m ]Ɋ& 5!X%$mb F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=09a9ba36-9f8d-4446-ba42-de46e444e552 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=54**0c%$m ]Ɋ& !%$mc F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=09a9ba36-9f8d-4446-ba42-de46e444e552 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=662818c8-42a6-4351-aa70-b7aa644e39b8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@dm ]Ɋ& !md F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=09a9ba36-9f8d-4446-ba42-de46e444e552 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=662818c8-42a6-4351-aa70-b7aa644e39b8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H@**eo ]Ɋ& )!Xoe F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d6c58641-50e6-4ee3-8910-992e5e137b33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Con**fo ]Ɋ& A!Xof F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d6c58641-50e6-4ee3-8910-992e5e137b33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m **go ]Ɋ& =!Xog F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d6c58641-50e6-4ee3-8910-992e5e137b33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**ho ]Ɋ& 5!Xoh F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d6c58641-50e6-4ee3-8910-992e5e137b33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**io ]Ɋ& 5!Xoi F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d6c58641-50e6-4ee3-8910-992e5e137b33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **jo ]Ɋ& 7!Xoj F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d6c58641-50e6-4ee3-8910-992e5e137b33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0ko ]Ɋ& !ok F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d6c58641-50e6-4ee3-8910-992e5e137b33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e21a9ad9-329a-49b6-af0e-a3f13f66d2e0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S0**@l%o ]Ɋ& !%ol F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d6c58641-50e6-4ee3-8910-992e5e137b33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e21a9ad9-329a-49b6-af0e-a3f13f66d2e0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r2 @**Xm%o ]Ɋ& !X%om F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=02505dcc-7e4b-4deb-83c5-92a64171da14 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompX**pn%o ]Ɋ& !X%on F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=02505dcc-7e4b-4deb-83c5-92a64171da14 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl p**ho%o ]Ɋ& !X%oo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=02505dcc-7e4b-4deb-83c5-92a64171da14 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lh**`p%o ]Ɋ& !X%op F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=02505dcc-7e4b-4deb-83c5-92a64171da14 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u`**`q%o ]Ɋ& !X%oq F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=02505dcc-7e4b-4deb-83c5-92a64171da14 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a`**hr%o ]Ɋ& !X%or F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=02505dcc-7e4b-4deb-83c5-92a64171da14 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Quich**s%o ]Ɋ&  !%os F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=02505dcc-7e4b-4deb-83c5-92a64171da14 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=535d4358-c02e-41cf-b70a-12dfe96003fb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion=**t%o ]Ɋ& !%ot F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=02505dcc-7e4b-4deb-83c5-92a64171da14 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=535d4358-c02e-41cf-b70a-12dfe96003fb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**8u%o ]Ɋ& !X%ou F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1a199153-2d04-41f7-ad7c-c1f2fca99d9e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ou8**Pv%o ]Ɋ& !X%ov F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1a199153-2d04-41f7-ad7c-c1f2fca99d9e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ypP**Pw%o ]Ɋ& !X%ow F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1a199153-2d04-41f7-ad7c-c1f2fca99d9e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNamP**Hx%o ]Ɋ& !X%ox F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1a199153-2d04-41f7-ad7c-c1f2fca99d9e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yptiH**Hy%o ]Ɋ& !X%oy F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1a199153-2d04-41f7-ad7c-c1f2fca99d9e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ba66H PipelineI ]Ɋ&  X%oz F&ElfChnkzzhAMu=VysMc&&**Hz%o ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! +!X%oz F&F%g>9{p(xlMD EventDatauoData !BinaryxVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1a199153-2d04-41f7-ad7c-c1f2fca99d9e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**{%o ]Ɋ& !%o{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1a199153-2d04-41f7-ad7c-c1f2fca99d9e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b0528b87-eb16-42c5-abf9-c175d0b2fd75 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4)**|o ]Ɋ& !o| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1a199153-2d04-41f7-ad7c-c1f2fca99d9e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b0528b87-eb16-42c5-abf9-c175d0b2fd75 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X}o ]Ɋ& !Xo} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dcb4bad2-066e-48ee-813e-f064548874a0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**p~o ]Ɋ& !Xo~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dcb4bad2-066e-48ee-813e-f064548874a0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lectp**ho ]Ɋ& !Xo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dcb4bad2-066e-48ee-813e-f064548874a0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=']h**`o ]Ɋ& !Xo F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dcb4bad2-066e-48ee-813e-f064548874a0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-`**`o ]Ɋ& !Xo F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dcb4bad2-066e-48ee-813e-f064548874a0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C`**`o ]Ɋ& !Xo F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dcb4bad2-066e-48ee-813e-f064548874a0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**o ]Ɋ& !o F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dcb4bad2-066e-48ee-813e-f064548874a0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b586d8cc-6653-4587-b3dd-dcd5b885520a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**o ]Ɋ& !o F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dcb4bad2-066e-48ee-813e-f064548874a0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b586d8cc-6653-4587-b3dd-dcd5b885520a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=**(o ]Ɋ& !Xo F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=039bdf5d-1faf-4732-b933-e3a156a33b09 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n(**@o ]Ɋ& !Xo F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=039bdf5d-1faf-4732-b933-e3a156a33b09 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c@**@o ]Ɋ& !Xo F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=039bdf5d-1faf-4732-b933-e3a156a33b09 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.ps@**8o ]Ɋ& !Xo F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=039bdf5d-1faf-4732-b933-e3a156a33b09 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=M:\8**8o ]Ɋ& !Xo F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=039bdf5d-1faf-4732-b933-e3a156a33b09 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==fe8**8o ]Ɋ& !Xo F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=039bdf5d-1faf-4732-b933-e3a156a33b09 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=F8**o ]Ɋ& !o F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=039bdf5d-1faf-4732-b933-e3a156a33b09 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=4d678939-17cd-4400-9111-5ae884c64008 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=at**R9o ]Ɋ& !R9o F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=039bdf5d-1faf-4732-b933-e3a156a33b09 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=4d678939-17cd-4400-9111-5ae884c64008 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 655**Xjo ]Ɋ& !Xjo F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4aff6846-d0f5-4dbe-995c-a60ea276f4d5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-X**pjo ]Ɋ& !Xjo F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4aff6846-d0f5-4dbe-995c-a60ea276f4d5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dp**pjo ]Ɋ& !Xjo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4aff6846-d0f5-4dbe-995c-a60ea276f4d5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='enp**hjo ]Ɋ& !Xjo F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4aff6846-d0f5-4dbe-995c-a60ea276f4d5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allh**hjo ]Ɋ& !Xjo F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4aff6846-d0f5-4dbe-995c-a60ea276f4d5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**hjo ]Ɋ& !Xjo F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4aff6846-d0f5-4dbe-995c-a60ea276f4d5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndh**jo ]Ɋ&  !jo F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4aff6846-d0f5-4dbe-995c-a60ea276f4d5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7ff4a2e8-1060-452f-a7a0-a5fb49fa1a16 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**o ]Ɋ& !o F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4aff6846-d0f5-4dbe-995c-a60ea276f4d5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7ff4a2e8-1060-452f-a7a0-a5fb49fa1a16 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ost **o ]Ɋ& '!Xo F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2f7e210f-2852-4689-a479-55cce97efc2b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**o ]Ɋ& ?!Xo F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2f7e210f-2852-4689-a479-55cce97efc2b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**o ]Ɋ& ;!Xo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2f7e210f-2852-4689-a479-55cce97efc2b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam**o ]Ɋ& 3!Xo F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2f7e210f-2852-4689-a479-55cce97efc2b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ngi**o ]Ɋ& 3!Xo F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2f7e210f-2852-4689-a479-55cce97efc2b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fun**o ]Ɋ& 5!Xo F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2f7e210f-2852-4689-a479-55cce97efc2b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=**0o ]Ɋ& !o F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2f7e210f-2852-4689-a479-55cce97efc2b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4be2604f-4e42-4e26-ad2e-01e03faa3381 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3 0**@o ]Ɋ& !o F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2f7e210f-2852-4689-a479-55cce97efc2b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4be2604f-4e42-4e26-ad2e-01e03faa3381 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 @**.iEQr ]Ɋ& )!X.iEQr F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=866de951-d78e-4ec1-93e9-d7316a646a2d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uctS**.iEQr ]Ɋ& A!X.iEQr F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=866de951-d78e-4ec1-93e9-d7316a646a2d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=curi**.iEQr ]Ɋ& =!X.iEQr F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=866de951-d78e-4ec1-93e9-d7316a646a2d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **.iEQr ]Ɋ& 5!X.iEQr F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=866de951-d78e-4ec1-93e9-d7316a646a2d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **.iEQr ]Ɋ& 5!X.iEQr F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=866de951-d78e-4ec1-93e9-d7316a646a2d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=vi**.iEQr ]Ɋ& 7!X.iEQr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=866de951-d78e-4ec1-93e9-d7316a646a2d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0.iEQr ]Ɋ& !.iEQr F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=866de951-d78e-4ec1-93e9-d7316a646a2d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=865acbc2-085e-483f-a9bd-f662b8d69604 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@FQr ]Ɋ& !FQr F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=866de951-d78e-4ec1-93e9-d7316a646a2d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=865acbc2-085e-483f-a9bd-f662b8d69604 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**X[FQr ]Ɋ& !X[FQr F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1c9af16a-a5b5-4d70-a6ec-7d3c5693ec4f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manX**p[FQr ]Ɋ& !X[FQr F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1c9af16a-a5b5-4d70-a6ec-7d3c5693ec4f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmap**h[FQr ]Ɋ& !X[FQr F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1c9af16a-a5b5-4d70-a6ec-7d3c5693ec4f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oh**`[FQr ]Ɋ& !X[FQr F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1c9af16a-a5b5-4d70-a6ec-7d3c5693ec4f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**`[FQr ]Ɋ& !X[FQr F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1c9af16a-a5b5-4d70-a6ec-7d3c5693ec4f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h[FQr ]Ɋ& !X[FQr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1c9af16a-a5b5-4d70-a6ec-7d3c5693ec4f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&h ]Ɋ& X%oz[FQrElfChnksLՓMu=VysMc&&**[FQr ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! ![FQr F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1c9af16a-a5b5-4d70-a6ec-7d3c5693ec4f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a28cd1d8-856f-4f13-81e0-a2786d3d2b5f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**[FQr ]Ɋ& ![FQr F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1c9af16a-a5b5-4d70-a6ec-7d3c5693ec4f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a28cd1d8-856f-4f13-81e0-a2786d3d2b5f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8[FQr ]Ɋ& !X[FQr F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=102c8bc1-6c26-4436-9b81-10534eb19acc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P[FQr ]Ɋ& !X[FQr F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=102c8bc1-6c26-4436-9b81-10534eb19acc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&P**P[FQr ]Ɋ& !X[FQr F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=102c8bc1-6c26-4436-9b81-10534eb19acc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**P**H[FQr ]Ɋ& !X[FQr F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=102c8bc1-6c26-4436-9b81-10534eb19acc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmanH**H[FQr ]Ɋ& !X[FQr F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=102c8bc1-6c26-4436-9b81-10534eb19acc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndPaH**H[FQr ]Ɋ& !X[FQr F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=102c8bc1-6c26-4436-9b81-10534eb19acc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=H**[FQr ]Ɋ& ![FQr F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=102c8bc1-6c26-4436-9b81-10534eb19acc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=200eae16-be91-4608-9c54-c26fa91a99f1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dLi**[FQr ]Ɋ& ![FQr F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=102c8bc1-6c26-4436-9b81-10534eb19acc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=200eae16-be91-4608-9c54-c26fa91a99f1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=C**X2GQr ]Ɋ& !X2GQr F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e01d8bef-75b9-4dbe-b990-bd1f8999cb0c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNamX**p2GQr ]Ɋ& !X2GQr F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e01d8bef-75b9-4dbe-b990-bd1f8999cb0c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ect p**h2GQr ]Ɋ& !X2GQr F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e01d8bef-75b9-4dbe-b990-bd1f8999cb0c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=peh**`2GQr ]Ɋ& !X2GQr F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e01d8bef-75b9-4dbe-b990-bd1f8999cb0c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ca`**`2GQr ]Ɋ& !X2GQr F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e01d8bef-75b9-4dbe-b990-bd1f8999cb0c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um`**`2GQr ]Ɋ& !X2GQr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e01d8bef-75b9-4dbe-b990-bd1f8999cb0c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**2GQr ]Ɋ& !2GQr F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e01d8bef-75b9-4dbe-b990-bd1f8999cb0c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9473b056-8787-4aa9-9ec2-d6043db48561 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**2GQr ]Ɋ& !2GQr F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e01d8bef-75b9-4dbe-b990-bd1f8999cb0c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9473b056-8787-4aa9-9ec2-d6043db48561 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=man**(2GQr ]Ɋ& !X2GQr F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1be112d4-9a56-4e54-b742-a285434f84ee HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a(**@2GQr ]Ɋ& !X2GQr F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1be112d4-9a56-4e54-b742-a285434f84ee HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4@**@2GQr ]Ɋ& !X2GQr F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1be112d4-9a56-4e54-b742-a285434f84ee HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[Da@**82GQr ]Ɋ& !X2GQr F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1be112d4-9a56-4e54-b742-a285434f84ee HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on\8**82GQr ]Ɋ& !X2GQr F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1be112d4-9a56-4e54-b742-a285434f84ee HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ver8**82GQr ]Ɋ& !X2GQr F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1be112d4-9a56-4e54-b742-a285434f84ee HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**2GQr ]Ɋ& !2GQr F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1be112d4-9a56-4e54-b742-a285434f84ee HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=f4fe9df6-5221-4f5a-8483-6120320a6246 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ri**GQr ]Ɋ& !GQr F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1be112d4-9a56-4e54-b742-a285434f84ee HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=f4fe9df6-5221-4f5a-8483-6120320a6246 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= | O**XHQr ]Ɋ& !XHQr F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=805d20f5-60f6-48c1-9b76-04568c85d9ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**pHQr ]Ɋ& !XHQr F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=805d20f5-60f6-48c1-9b76-04568c85d9ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ip**pHQr ]Ɋ& !XHQr F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=805d20f5-60f6-48c1-9b76-04568c85d9ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fo]p**hHQr ]Ɋ& !XHQr F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=805d20f5-60f6-48c1-9b76-04568c85d9ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5 |h**hHQr ]Ɋ& !XHQr F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=805d20f5-60f6-48c1-9b76-04568c85d9ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=aceh**hHQr ]Ɋ& !XHQr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=805d20f5-60f6-48c1-9b76-04568c85d9ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Coh**HQr ]Ɋ&  !HQr F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=805d20f5-60f6-48c1-9b76-04568c85d9ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5c021e46-0729-4ced-85c9-e87c8f867ba4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**KIQr ]Ɋ& !KIQr F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=805d20f5-60f6-48c1-9b76-04568c85d9ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5c021e46-0729-4ced-85c9-e87c8f867ba4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**KIQr ]Ɋ& '!XKIQr F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f6e1cc1c-7e33-4f79-bbb9-39693dfea653 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r**KIQr ]Ɋ& ?!XKIQr F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f6e1cc1c-7e33-4f79-bbb9-39693dfea653 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**KIQr ]Ɋ& ;!XKIQr F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f6e1cc1c-7e33-4f79-bbb9-39693dfea653 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=as**KIQr ]Ɋ& 3!XKIQr F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f6e1cc1c-7e33-4f79-bbb9-39693dfea653 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ing**KIQr ]Ɋ& 3!XKIQr F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f6e1cc1c-7e33-4f79-bbb9-39693dfea653 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=art**KIQr ]Ɋ& 5!XKIQr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f6e1cc1c-7e33-4f79-bbb9-39693dfea653 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=65**0KIQr ]Ɋ& !KIQr F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f6e1cc1c-7e33-4f79-bbb9-39693dfea653 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=9d7d08b5-19c2-4e84-8599-fbf9ec34ebaf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@-JQr ]Ɋ& !-JQr F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f6e1cc1c-7e33-4f79-bbb9-39693dfea653 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=9d7d08b5-19c2-4e84-8599-fbf9ec34ebaf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=83f-@**#+t ]Ɋ& )!X#+t F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9c8ada96-d6a1-4859-b362-ca7cb992ebbb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl d**#+t ]Ɋ& A!X#+t F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9c8ada96-d6a1-4859-b362-ca7cb992ebbb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e -N**#+t ]Ɋ& =!X#+t F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9c8ada96-d6a1-4859-b362-ca7cb992ebbb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=70**#+t ]Ɋ& 5!X#+t F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9c8ada96-d6a1-4859-b362-ca7cb992ebbb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**#+t ]Ɋ& 5!X#+t F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9c8ada96-d6a1-4859-b362-ca7cb992ebbb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**#+t ]Ɋ& 7!X#+t F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9c8ada96-d6a1-4859-b362-ca7cb992ebbb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0õt ]Ɋ& !õt F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9c8ada96-d6a1-4859-b362-ca7cb992ebbb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6a92f64e-b22d-4bb7-9c83-697335f46487 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 X%oz[FQrElfChnk Xϡk^Mu=VysMc&&**@P\t ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! #!P\t F&F%g>9{p(xlMD EventDatauoData !BinarypStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9c8ada96-d6a1-4859-b362-ca7cb992ebbb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6a92f64e-b22d-4bb7-9c83-697335f46487 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**XP\t ]Ɋ& !XP\t F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b16864a9-3918-48b2-abdc-c9d2281f1bc1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f13X**pP\t ]Ɋ& !XP\t F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b16864a9-3918-48b2-abdc-c9d2281f1bc1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=linp**hP\t ]Ɋ& !XP\t F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b16864a9-3918-48b2-abdc-c9d2281f1bc1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**`P\t ]Ɋ& !XP\t F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b16864a9-3918-48b2-abdc-c9d2281f1bc1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`P\t ]Ɋ& !XP\t F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b16864a9-3918-48b2-abdc-c9d2281f1bc1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**hP\t ]Ɋ& !XP\t F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b16864a9-3918-48b2-abdc-c9d2281f1bc1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= h**P\t ]Ɋ&  !P\t F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b16864a9-3918-48b2-abdc-c9d2281f1bc1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6f6053da-d4ac-418a-b8ae-fd1cc55ada63 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&**t ]Ɋ& !t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b16864a9-3918-48b2-abdc-c9d2281f1bc1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6f6053da-d4ac-418a-b8ae-fd1cc55ada63 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8t ]Ɋ& !Xt F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=78813733-ce39-4485-be9c-bf032f66f976 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma8**Pt ]Ɋ& !Xt F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=78813733-ce39-4485-be9c-bf032f66f976 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmP**Pt ]Ɋ& !Xt F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=78813733-ce39-4485-be9c-bf032f66f976 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ComP**Ht ]Ɋ& !Xt F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=78813733-ce39-4485-be9c-bf032f66f976 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= H**Ht ]Ɋ& !Xt F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=78813733-ce39-4485-be9c-bf032f66f976 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoH**Ht ]Ɋ& !Xt F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=78813733-ce39-4485-be9c-bf032f66f976 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmaH**t ]Ɋ& !t F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=78813733-ce39-4485-be9c-bf032f66f976 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9096aaac-55c7-4d1b-8fa2-190da98ab4cc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Sc**t ]Ɋ& !t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=78813733-ce39-4485-be9c-bf032f66f976 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9096aaac-55c7-4d1b-8fa2-190da98ab4cc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=y**X}t ]Ɋ& !X}t F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6ce6c032-3b20-4118-a1fc-622783bec292 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-d60X**p}t ]Ɋ& !X}t F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6ce6c032-3b20-4118-a1fc-622783bec292 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tCulp**h}t ]Ɋ& !X}t F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6ce6c032-3b20-4118-a1fc-622783bec292 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=;eh**`}t ]Ɋ& !X}t F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6ce6c032-3b20-4118-a1fc-622783bec292 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6-`**`}t ]Ɋ& !X}t F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6ce6c032-3b20-4118-a1fc-622783bec292 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP`**`}t ]Ɋ& !X}t F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6ce6c032-3b20-4118-a1fc-622783bec292 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**}t ]Ɋ& !}t F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6ce6c032-3b20-4118-a1fc-622783bec292 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=70b78f52-6d1b-4c17-bb8e-5bcb34077a3a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**}t ]Ɋ& !}t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6ce6c032-3b20-4118-a1fc-622783bec292 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=70b78f52-6d1b-4c17-bb8e-5bcb34077a3a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **(}t ]Ɋ& !X}t F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9ad2a160-75b9-42e0-a8ca-8c62d183f9d4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=R(**@}t ]Ɋ& !X}t F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9ad2a160-75b9-42e0-a8ca-8c62d183f9d4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e@**@}t ]Ɋ& !X}t F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9ad2a160-75b9-42e0-a8ca-8c62d183f9d4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n, @**8}t ]Ɋ& !X}t F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9ad2a160-75b9-42e0-a8ca-8c62d183f9d4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=TWA8**8}t ]Ɋ& !X}t F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9ad2a160-75b9-42e0-a8ca-8c62d183f9d4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er=8**8}t ]Ɋ& !X}t F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9ad2a160-75b9-42e0-a8ca-8c62d183f9d4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**}t ]Ɋ& !}t F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9ad2a160-75b9-42e0-a8ca-8c62d183f9d4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=4beac25b-ccff-43cc-9ac3-f6454b2b5c5a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **&t ]Ɋ& !&t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9ad2a160-75b9-42e0-a8ca-8c62d183f9d4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=4beac25b-ccff-43cc-9ac3-f6454b2b5c5a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ture**X@Wt ]Ɋ& !X@Wt F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5ca1342c-8f09-4744-a0ac-d582c8cb85e0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=GX**p@Wt ]Ɋ& !X@Wt F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5ca1342c-8f09-4744-a0ac-d582c8cb85e0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cp**p@Wt ]Ɋ& !X@Wt F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5ca1342c-8f09-4744-a0ac-d582c8cb85e0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, p**h@Wt ]Ɋ& !X@Wt F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5ca1342c-8f09-4744-a0ac-d582c8cb85e0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=en-h**h@Wt ]Ɋ& !X@Wt F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5ca1342c-8f09-4744-a0ac-d582c8cb85e0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Deh**h@Wt ]Ɋ& !X@Wt F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5ca1342c-8f09-4744-a0ac-d582c8cb85e0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=amh**@Wt ]Ɋ&  !@Wt F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5ca1342c-8f09-4744-a0ac-d582c8cb85e0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7eba1a72-f819-47cb-9386-5190fd794dcc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**ﹴt ]Ɋ& !ﹴt F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5ca1342c-8f09-4744-a0ac-d582c8cb85e0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7eba1a72-f819-47cb-9386-5190fd794dcc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tate**mt ]Ɋ& '!Xmt F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=460f66dc-a1f2-44c0-b3a5-cbce2d161952 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**mt ]Ɋ& ?!Xmt F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=460f66dc-a1f2-44c0-b3a5-cbce2d161952 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**mt ]Ɋ& ;!Xmt F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=460f66dc-a1f2-44c0-b3a5-cbce2d161952 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**mt ]Ɋ& 3!Xmt F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=460f66dc-a1f2-44c0-b3a5-cbce2d161952 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Pro** mt ]Ɋ& 3!Xmt  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=460f66dc-a1f2-44c0-b3a5-cbce2d161952 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t** mt ]Ɋ& 5!Xmt  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=460f66dc-a1f2-44c0-b3a5-cbce2d161952 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l **0 mt ]Ɋ& !mt  F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=460f66dc-a1f2-44c0-b3a5-cbce2d161952 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a8cbd926-c9a6-4141-9824-b7455c48fed2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=va0able Previ ]Ɋ& os!t  F&on=4.0 HostId=9c8ada96-d6a1-4859-b362-ca7cb992ebbb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6a92f64e-b22d-4bb7-9c83-697335f46487 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 X%oz[FQrElfChnk = =CxHMu=VysMc&&**@ !t ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !!!t  F&F%g>9{p(xlMD EventDatauoData !BinarynStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=460f66dc-a1f2-44c0-b3a5-cbce2d161952 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a8cbd926-c9a6-4141-9824-b7455c48fed2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-@ ** 2ew ]Ɋ& )!X2ew  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9c8703f1-2f3a-4eab-8492-bcde86f92ce5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=3 **2ew ]Ɋ& A!X2ew F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9c8703f1-2f3a-4eab-8492-bcde86f92ce5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erNa**2ew ]Ɋ& =!X2ew F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9c8703f1-2f3a-4eab-8492-bcde86f92ce5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**2ew ]Ɋ& 5!X2ew F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9c8703f1-2f3a-4eab-8492-bcde86f92ce5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **2ew ]Ɋ& 5!X2ew F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9c8703f1-2f3a-4eab-8492-bcde86f92ce5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=**2ew ]Ɋ& 7!X2ew F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9c8703f1-2f3a-4eab-8492-bcde86f92ce5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **02ew ]Ɋ& !2ew F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9c8703f1-2f3a-4eab-8492-bcde86f92ce5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f968825a-755e-412e-a28c-23bd599e8f62 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d0**@_ gw ]Ɋ& !_ gw F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9c8703f1-2f3a-4eab-8492-bcde86f92ce5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f968825a-755e-412e-a28c-23bd599e8f62 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ot/@**X_ gw ]Ɋ& !X_ gw F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3434725f-18f8-4ccd-8fd5-14066eab315b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=werX**p_ gw ]Ɋ& !X_ gw F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3434725f-18f8-4ccd-8fd5-14066eab315b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompp**h_ gw ]Ɋ& !X_ gw F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3434725f-18f8-4ccd-8fd5-14066eab315b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fh**`_ gw ]Ɋ& !X_ gw F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3434725f-18f8-4ccd-8fd5-14066eab315b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=E`**`_ gw ]Ɋ& !X_ gw F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3434725f-18f8-4ccd-8fd5-14066eab315b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i`**h_ gw ]Ɋ& !X_ gw F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3434725f-18f8-4ccd-8fd5-14066eab315b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ureLh**_ gw ]Ɋ&  !_ gw F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3434725f-18f8-4ccd-8fd5-14066eab315b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ed63a535-4d13-480f-8e71-cb3dfdabbf45 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=535 **_ gw ]Ɋ& !_ gw F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3434725f-18f8-4ccd-8fd5-14066eab315b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ed63a535-4d13-480f-8e71-cb3dfdabbf45 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io**8_ gw ]Ɋ& !X_ gw F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b5314478-44df-45c0-a1cf-1dcfe5b6c151 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yp8**P_ gw ]Ɋ& !X_ gw F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b5314478-44df-45c0-a1cf-1dcfe5b6c151 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNP**P_ gw ]Ɋ& !X_ gw F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b5314478-44df-45c0-a1cf-1dcfe5b6c151 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=EncrP**H _ gw ]Ɋ& !X_ gw  F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b5314478-44df-45c0-a1cf-1dcfe5b6c151 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rosoH**H!_ gw ]Ɋ& !X_ gw! F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b5314478-44df-45c0-a1cf-1dcfe5b6c151 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=secuH**H"_ gw ]Ɋ& !X_ gw" F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b5314478-44df-45c0-a1cf-1dcfe5b6c151 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RoH**#_ gw ]Ɋ& !_ gw# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b5314478-44df-45c0-a1cf-1dcfe5b6c151 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=560e7336-678b-4bf6-98a4-b8c253267d19 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oft**$gw ]Ɋ& !gw$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b5314478-44df-45c0-a1cf-1dcfe5b6c151 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=560e7336-678b-4bf6-98a4-b8c253267d19 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**X%gw ]Ɋ& !Xgw% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7e993a7a-aad6-409c-a4da-beee14c6e5bb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l SeX**p&gw ]Ɋ& !Xgw& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7e993a7a-aad6-409c-a4da-beee14c6e5bb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Conp**h'gw ]Ɋ& !Xgw' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7e993a7a-aad6-409c-a4da-beee14c6e5bb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fih**`(gw ]Ɋ& !Xgw( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7e993a7a-aad6-409c-a4da-beee14c6e5bb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nd`**`)gw ]Ɋ& !Xgw) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7e993a7a-aad6-409c-a4da-beee14c6e5bb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng`**`*gw ]Ɋ& !Xgw* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7e993a7a-aad6-409c-a4da-beee14c6e5bb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b`**+gw ]Ɋ& !gw+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7e993a7a-aad6-409c-a4da-beee14c6e5bb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d6878a45-de6a-4028-8fac-9112569c51e5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=T**,gw ]Ɋ& !gw, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7e993a7a-aad6-409c-a4da-beee14c6e5bb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d6878a45-de6a-4028-8fac-9112569c51e5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Cu**(-gw ]Ɋ& !Xgw- F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f6a931be-79dd-4d7a-8e7b-0f9f5f90364d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0(**@.gw ]Ɋ& !Xgw. F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f6a931be-79dd-4d7a-8e7b-0f9f5f90364d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4@**@/gw ]Ɋ& !Xgw/ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f6a931be-79dd-4d7a-8e7b-0f9f5f90364d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**80gw ]Ɋ& !Xgw0 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f6a931be-79dd-4d7a-8e7b-0f9f5f90364d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**81gw ]Ɋ& !Xgw1 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f6a931be-79dd-4d7a-8e7b-0f9f5f90364d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, 8**82gw ]Ɋ& !Xgw2 F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f6a931be-79dd-4d7a-8e7b-0f9f5f90364d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ur8**3gw ]Ɋ& !gw3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f6a931be-79dd-4d7a-8e7b-0f9f5f90364d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=cec941d9-1c73-47d8-9e6f-aa3b295505ae PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= g**4;hw ]Ɋ& !;hw4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f6a931be-79dd-4d7a-8e7b-0f9f5f90364d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=cec941d9-1c73-47d8-9e6f-aa3b295505ae PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVe**X5liw ]Ɋ& !Xliw5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=801c5dc8-b485-40a5-823b-be4f05c27be3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**p6liw ]Ɋ& !Xliw6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=801c5dc8-b485-40a5-823b-be4f05c27be3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**p7liw ]Ɋ& !Xliw7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=801c5dc8-b485-40a5-823b-be4f05c27be3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=as p**h8liw ]Ɋ& !Xliw8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=801c5dc8-b485-40a5-823b-be4f05c27be3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Conh**h9liw ]Ɋ& !Xliw9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=801c5dc8-b485-40a5-823b-be4f05c27be3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e2dh**h:liw ]Ɋ& !Xliw: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=801c5dc8-b485-40a5-823b-be4f05c27be3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Ch**;liw ]Ɋ&  !liw; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=801c5dc8-b485-40a5-823b-be4f05c27be3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=06035823-5264-4dea-bfc5-f5cf8bfd90c6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=im**<Pjw ]Ɋ& !Pjw< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=801c5dc8-b485-40a5-823b-be4f05c27be3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=06035823-5264-4dea-bfc5-f5cf8bfd90c6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S'))**=Pjw ]Ɋ& '!XPjw= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7d762980-ca6f-4f93-b02d-59c92759fadb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(n-US')))}} | ]Ɋ& dOXPjw> F&=4.0 RunspaceId=a8cbd926-c9a6-4141-9824-b7455c48fed2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=va0able Previ ]Ɋ& os!t  F&on=4.0 HostId=9c8ada96-d6a1-4859-b362-ca7cb992ebbb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6a92f64e-b22d-4bb7-9c83-697335f46487 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 X%oz[FQrElfChnk>p>p02r3QMu=VysMc&&** >Pjw ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !XPjw> F&F%g>9{p(xlMD EventDatauoData !BinaryEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7d762980-ca6f-4f93-b02d-59c92759fadb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pt **?Pjw ]Ɋ& ;!XPjw? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7d762980-ca6f-4f93-b02d-59c92759fadb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stV**@Pjw ]Ɋ& 3!XPjw@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7d762980-ca6f-4f93-b02d-59c92759fadb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mma**APjw ]Ɋ& 3!XPjwA F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7d762980-ca6f-4f93-b02d-59c92759fadb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.0**BPjw ]Ɋ& 5!XPjwB F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7d762980-ca6f-4f93-b02d-59c92759fadb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma**0CPjw ]Ɋ& !PjwC F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7d762980-ca6f-4f93-b02d-59c92759fadb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=76065de6-611e-4813-afdd-aaea81f0212c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI0**@Djw ]Ɋ& !jwD F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7d762980-ca6f-4f93-b02d-59c92759fadb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=76065de6-611e-4813-afdd-aaea81f0212c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand@**Ef4]cy ]Ɋ& )!Xf4]cyE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d16d29c9-bcb8-47b9-b27b-e2e10704fce2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**Ff4]cy ]Ɋ& A!Xf4]cyF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d16d29c9-bcb8-47b9-b27b-e2e10704fce2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ntiv**Gf4]cy ]Ɋ& =!Xf4]cyG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d16d29c9-bcb8-47b9-b27b-e2e10704fce2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-**Hf4]cy ]Ɋ& 5!Xf4]cyH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d16d29c9-bcb8-47b9-b27b-e2e10704fce2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=72**If4]cy ]Ɋ& 5!Xf4]cyI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d16d29c9-bcb8-47b9-b27b-e2e10704fce2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um**Jf4]cy ]Ɋ& 7!Xf4]cyJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d16d29c9-bcb8-47b9-b27b-e2e10704fce2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0Kf4]cy ]Ɋ& !f4]cyK F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d16d29c9-bcb8-47b9-b27b-e2e10704fce2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4e95a2e5-0248-4bc0-9dec-c79bf8667a90 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@L]cy ]Ɋ& !]cyL F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d16d29c9-bcb8-47b9-b27b-e2e10704fce2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4e95a2e5-0248-4bc0-9dec-c79bf8667a90 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= @**XMe^cy ]Ɋ& !Xe^cyM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=eb1d1171-0d0a-405d-a869-02e53c96150e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==X**pNe^cy ]Ɋ& !Xe^cyN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=eb1d1171-0d0a-405d-a869-02e53c96150e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=_ gp**hOe^cy ]Ɋ& !Xe^cyO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=eb1d1171-0d0a-405d-a869-02e53c96150e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`Pe^cy ]Ɋ& !Xe^cyP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=eb1d1171-0d0a-405d-a869-02e53c96150e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`Qe^cy ]Ɋ& !Xe^cyQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=eb1d1171-0d0a-405d-a869-02e53c96150e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hRe^cy ]Ɋ& !Xe^cyR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=eb1d1171-0d0a-405d-a869-02e53c96150e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!h**Se^cy ]Ɋ&  !e^cyS F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=eb1d1171-0d0a-405d-a869-02e53c96150e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d1cc6c7e-30b0-4999-a361-72af870fbaf7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=$**Te^cy ]Ɋ& !e^cyT F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=eb1d1171-0d0a-405d-a869-02e53c96150e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d1cc6c7e-30b0-4999-a361-72af870fbaf7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8U*^cy ]Ɋ& !X*^cyU F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ab3c9f31-1f8f-4381-bbf8-6e37b3ffffbd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&8**PV*^cy ]Ɋ& !X*^cyV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ab3c9f31-1f8f-4381-bbf8-6e37b3ffffbd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**PW*^cy ]Ɋ& !X*^cyW F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ab3c9f31-1f8f-4381-bbf8-6e37b3ffffbd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**HX*^cy ]Ɋ& !X*^cyX F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ab3c9f31-1f8f-4381-bbf8-6e37b3ffffbd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HY*^cy ]Ɋ& !X*^cyY F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ab3c9f31-1f8f-4381-bbf8-6e37b3ffffbd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HZ*^cy ]Ɋ& !X*^cyZ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ab3c9f31-1f8f-4381-bbf8-6e37b3ffffbd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**[*^cy ]Ɋ& !*^cy[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ab3c9f31-1f8f-4381-bbf8-6e37b3ffffbd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ff9034b8-0fb9-406e-93c1-402b16ad0ec5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=****\*^cy ]Ɋ& !*^cy\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ab3c9f31-1f8f-4381-bbf8-6e37b3ffffbd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ff9034b8-0fb9-406e-93c1-402b16ad0ec5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**X]_cy ]Ɋ& !X_cy] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bf21a69c-cb8b-4ef7-822c-c7185f0ae1a3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nginX**p^_cy ]Ɋ& !X_cy^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bf21a69c-cb8b-4ef7-822c-c7185f0ae1a3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izatp**h__cy ]Ɋ& !X_cy_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bf21a69c-cb8b-4ef7-822c-c7185f0ae1a3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leh**``_cy ]Ɋ& !X_cy` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bf21a69c-cb8b-4ef7-822c-c7185f0ae1a3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H`**`a_cy ]Ɋ& !X_cya F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bf21a69c-cb8b-4ef7-822c-c7185f0ae1a3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er`**`b_cy ]Ɋ& !X_cyb F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bf21a69c-cb8b-4ef7-822c-c7185f0ae1a3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**c_cy ]Ɋ& !_cyc F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bf21a69c-cb8b-4ef7-822c-c7185f0ae1a3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1e8f720e-2e62-4f1c-9bca-d2392ed69251 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**d_cy ]Ɋ& !_cyd F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bf21a69c-cb8b-4ef7-822c-c7185f0ae1a3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1e8f720e-2e62-4f1c-9bca-d2392ed69251 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ver**(eW/`cy ]Ɋ& !XW/`cye F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=24599a87-605f-4174-ae0e-335d3be5cd47 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(**@fW/`cy ]Ɋ& !XW/`cyf F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=24599a87-605f-4174-ae0e-335d3be5cd47 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l@**@gW/`cy ]Ɋ& !XW/`cyg F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=24599a87-605f-4174-ae0e-335d3be5cd47 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= en@**8hW/`cy ]Ɋ& !XW/`cyh F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=24599a87-605f-4174-ae0e-335d3be5cd47 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ted8**8iW/`cy ]Ɋ& !XW/`cyi F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=24599a87-605f-4174-ae0e-335d3be5cd47 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=li8**8jW/`cy ]Ɋ& !XW/`cyj F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=24599a87-605f-4174-ae0e-335d3be5cd47 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in8**kW/`cy ]Ɋ& !W/`cyk F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=24599a87-605f-4174-ae0e-335d3be5cd47 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=3e0b1b59-85d5-4ade-8de6-7db03e38244f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='i**l`cy ]Ɋ& !`cyl F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=24599a87-605f-4174-ae0e-335d3be5cd47 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=3e0b1b59-85d5-4ade-8de6-7db03e38244f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= | f**Xmacy ]Ɋ& !Xacym F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=562be493-8607-46fa-bfbb-8b22d4edf38c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**pnacy ]Ɋ& !Xacyn F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=562be493-8607-46fa-bfbb-8b22d4edf38c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=op**poacy ]Ɋ& !Xacyo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=562be493-8607-46fa-bfbb-8b22d4edf38c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e,Dp**hpacy ]Ɋ& !Xacyp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=562be493-8607-46fa-bfbb-8b22d4edf38c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nabhd | Out-Stri ]Ɋ& d=Xacyq F&5f46487 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 X%oz[FQrElfChnkqq+ :AX1Mu=VysMc&&**h qacy ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! K!Xacyq F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=562be493-8607-46fa-bfbb-8b22d4edf38c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h **hracy ]Ɋ& !Xacyr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=562be493-8607-46fa-bfbb-8b22d4edf38c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh**sacy ]Ɋ&  !acys F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=562be493-8607-46fa-bfbb-8b22d4edf38c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fa00d398-8547-4b98-ab2a-666a5f00d3d5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**tbcy ]Ɋ& !bcyt F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=562be493-8607-46fa-bfbb-8b22d4edf38c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fa00d398-8547-4b98-ab2a-666a5f00d3d5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**ubcy ]Ɋ& '!Xbcyu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d7ba80a5-fbd0-4933-b010-7a4bb6288273 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**vbcy ]Ɋ& ?!Xbcyv F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d7ba80a5-fbd0-4933-b010-7a4bb6288273 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=w**wbcy ]Ɋ& ;!Xbcyw F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d7ba80a5-fbd0-4933-b010-7a4bb6288273 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2e1**xbcy ]Ɋ& 3!Xbcyx F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d7ba80a5-fbd0-4933-b010-7a4bb6288273 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**ybcy ]Ɋ& 3!Xbcyy F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d7ba80a5-fbd0-4933-b010-7a4bb6288273 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=107**zbcy ]Ɋ& 5!Xbcyz F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d7ba80a5-fbd0-4933-b010-7a4bb6288273 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0{bcy ]Ɋ& !bcy{ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d7ba80a5-fbd0-4933-b010-7a4bb6288273 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=ec5f0597-4c0d-437d-a2f6-7165bac45827 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ro0**@|ccy ]Ɋ& !ccy| F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d7ba80a5-fbd0-4933-b010-7a4bb6288273 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=ec5f0597-4c0d-437d-a2f6-7165bac45827 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**}<{ ]Ɋ& )!X<{} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4256d8d4-95c6-47b8-bef7-993554173894 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= **~<{ ]Ɋ& A!X<{~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4256d8d4-95c6-47b8-bef7-993554173894 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=line**<{ ]Ɋ& =!X<{ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4256d8d4-95c6-47b8-bef7-993554173894 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= |**<{ ]Ɋ& 5!X<{ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4256d8d4-95c6-47b8-bef7-993554173894 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt**<{ ]Ɋ& 5!X<{ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4256d8d4-95c6-47b8-bef7-993554173894 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**<{ ]Ɋ& 7!X<{ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4256d8d4-95c6-47b8-bef7-993554173894 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0"{ ]Ɋ& !"{ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4256d8d4-95c6-47b8-bef7-993554173894 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6cbcd272-dae0-4323-8211-8657a7d64fcb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@m{ ]Ɋ& !m{ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4256d8d4-95c6-47b8-bef7-993554173894 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6cbcd272-dae0-4323-8211-8657a7d64fcb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te=@**Xm{ ]Ɋ& !Xm{ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5193b285-be47-43d7-b395-7c7d69b9deef HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=UX**pm{ ]Ɋ& !Xm{ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5193b285-be47-43d7-b395-7c7d69b9deef HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=menp**hm{ ]Ɋ& !Xm{ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5193b285-be47-43d7-b395-7c7d69b9deef HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rh**`m{ ]Ɋ& !Xm{ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5193b285-be47-43d7-b395-7c7d69b9deef HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e`**`m{ ]Ɋ& !Xm{ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5193b285-be47-43d7-b395-7c7d69b9deef HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**hm{ ]Ɋ& !Xm{ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5193b285-be47-43d7-b395-7c7d69b9deef HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateh**m{ ]Ɋ&  !m{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5193b285-be47-43d7-b395-7c7d69b9deef HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=463385e6-ec78-43de-8315-dbeb7d5e0109 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**m{ ]Ɋ& !m{ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5193b285-be47-43d7-b395-7c7d69b9deef HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=463385e6-ec78-43de-8315-dbeb7d5e0109 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**8O{ ]Ɋ& !XO{ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9267d6b3-488d-4c21-8222-c5ffe155d5cf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 8**PO{ ]Ɋ& !XO{ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9267d6b3-488d-4c21-8222-c5ffe155d5cf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SP**PO{ ]Ɋ& !XO{ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9267d6b3-488d-4c21-8222-c5ffe155d5cf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateP**HO{ ]Ɋ& !XO{ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9267d6b3-488d-4c21-8222-c5ffe155d5cf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPH**HO{ ]Ɋ& !XO{ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9267d6b3-488d-4c21-8222-c5ffe155d5cf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==RegH**HO{ ]Ɋ& !XO{ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9267d6b3-488d-4c21-8222-c5ffe155d5cf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovH**O{ ]Ɋ& !O{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9267d6b3-488d-4c21-8222-c5ffe155d5cf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=57754171-afb7-47e2-a3d2-b9f1c76552a3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iou**O{ ]Ɋ& !O{ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9267d6b3-488d-4c21-8222-c5ffe155d5cf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=57754171-afb7-47e2-a3d2-b9f1c76552a3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **XO{ ]Ɋ& !XO{ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c3d2df9c-221b-4e30-8423-71fc065a9e0c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FX**pO{ ]Ɋ& !XO{ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c3d2df9c-221b-4e30-8423-71fc065a9e0c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ne=p**hO{ ]Ɋ& !XO{ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c3d2df9c-221b-4e30-8423-71fc065a9e0c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh**`O{ ]Ɋ& !XO{ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c3d2df9c-221b-4e30-8423-71fc065a9e0c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iz`**`O{ ]Ɋ& !XO{ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c3d2df9c-221b-4e30-8423-71fc065a9e0c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| `**`O{ ]Ɋ& !XO{ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c3d2df9c-221b-4e30-8423-71fc065a9e0c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0`**O{ ]Ɋ& !O{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c3d2df9c-221b-4e30-8423-71fc065a9e0c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bada0056-8e0b-4426-8032-6aa0b76a159e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**O{ ]Ɋ& !O{ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c3d2df9c-221b-4e30-8423-71fc065a9e0c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bada0056-8e0b-4426-8032-6aa0b76a159e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**(O{ ]Ɋ& !XO{ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b6db620e-44f1-44aa-aa63-bd02de34c618 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@O{ ]Ɋ& !XO{ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b6db620e-44f1-44aa-aa63-bd02de34c618 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@O{ ]Ɋ& !XO{ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b6db620e-44f1-44aa-aa63-bd02de34c618 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wid@**8O{ ]Ɋ& !XO{ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b6db620e-44f1-44aa-aa63-bd02de34c618 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[Da8**8O{ ]Ɋ& !XO{ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b6db620e-44f1-44aa-aa63-bd02de34c618 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\Un8**8O{ ]Ɋ& !XO{ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b6db620e-44f1-44aa-aa63-bd02de34c618 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on8**{ ]Ɋ& !{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b6db620e-44f1-44aa-aa63-bd02de34c618 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=5f3d1c09-d455-4757-8ad4-bd1546995050 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id CommandNam ]Ɋ&  |7{ F&%oz[FQrElfChnkp1fMu=VysMc&&** |7{ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! y!|7{ F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b6db620e-44f1-44aa-aa63-bd02de34c618 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=5f3d1c09-d455-4757-8ad4-bd1546995050 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **Xh { ]Ɋ& !Xh { F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dfa67510-979d-4160-b372-5381769c91c4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sX**ph { ]Ɋ& !Xh { F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dfa67510-979d-4160-b372-5381769c91c4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=np**ph { ]Ɋ& !Xh { F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dfa67510-979d-4160-b372-5381769c91c4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izep**hh { ]Ɋ& !Xh { F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dfa67510-979d-4160-b372-5381769c91c4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ginh**hh { ]Ɋ& !Xh { F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dfa67510-979d-4160-b372-5381769c91c4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dTyh**hh { ]Ɋ& !Xh { F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dfa67510-979d-4160-b372-5381769c91c4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bh**h { ]Ɋ&  !h { F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dfa67510-979d-4160-b372-5381769c91c4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=22bbfb70-e5ea-4af7-b13e-dec7699678bd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ov**h { ]Ɋ& !h { F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dfa67510-979d-4160-b372-5381769c91c4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=22bbfb70-e5ea-4af7-b13e-dec7699678bd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**@!{ ]Ɋ& '!X@!{ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c0a901b1-66a4-401d-8d5c-de503392c3b8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4**@!{ ]Ɋ& ?!X@!{ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c0a901b1-66a4-401d-8d5c-de503392c3b8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1**@!{ ]Ɋ& ;!X@!{ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c0a901b1-66a4-401d-8d5c-de503392c3b8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sta**@!{ ]Ɋ& 3!X@!{ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c0a901b1-66a4-401d-8d5c-de503392c3b8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id=**@!{ ]Ɋ& 3!X@!{ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c0a901b1-66a4-401d-8d5c-de503392c3b8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ate**@!{ ]Ɋ& 5!X@!{ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c0a901b1-66a4-401d-8d5c-de503392c3b8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in**0@!{ ]Ɋ& !@!{ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c0a901b1-66a4-401d-8d5c-de503392c3b8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e3b70dab-3ba3-4064-afe4-d1afbfbff39d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=st0**@֙!{ ]Ɋ& !֙!{ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c0a901b1-66a4-401d-8d5c-de503392c3b8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e3b70dab-3ba3-4064-afe4-d1afbfbff39d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNam@**r~ ]Ɋ& )!Xr~ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e72991db-8252-4c16-8367-d788d16522f4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**r~ ]Ɋ& A!Xr~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e72991db-8252-4c16-8367-d788d16522f4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ant**r~ ]Ɋ& =!Xr~ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e72991db-8252-4c16-8367-d788d16522f4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**r~ ]Ɋ& 5!Xr~ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e72991db-8252-4c16-8367-d788d16522f4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI**r~ ]Ɋ& 5!Xr~ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e72991db-8252-4c16-8367-d788d16522f4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eq**r~ ]Ɋ& 7!Xr~ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e72991db-8252-4c16-8367-d788d16522f4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**0r~ ]Ɋ& !r~ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e72991db-8252-4c16-8367-d788d16522f4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bd51c63c-27e9-4f82-9658-3b09921becf4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@g~ ]Ɋ& !g~ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e72991db-8252-4c16-8367-d788d16522f4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bd51c63c-27e9-4f82-9658-3b09921becf4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&@**X~ ]Ɋ& !X~ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e74f6e10-75ea-4cf9-ac3b-8db039afe272 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CX**p~ ]Ɋ& !X~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e74f6e10-75ea-4cf9-ac3b-8db039afe272 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==p**h~ ]Ɋ& !X~ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e74f6e10-75ea-4cf9-ac3b-8db039afe272 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`~ ]Ɋ& !X~ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e74f6e10-75ea-4cf9-ac3b-8db039afe272 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`~ ]Ɋ& !X~ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e74f6e10-75ea-4cf9-ac3b-8db039afe272 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h~ ]Ɋ& !X~ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e74f6e10-75ea-4cf9-ac3b-8db039afe272 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**~ ]Ɋ&  !~ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e74f6e10-75ea-4cf9-ac3b-8db039afe272 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8850e6f2-b65b-4eef-aa5c-b4cfd307d0b2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**~ ]Ɋ& !~ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e74f6e10-75ea-4cf9-ac3b-8db039afe272 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8850e6f2-b65b-4eef-aa5c-b4cfd307d0b2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ew**8~ ]Ɋ& !X~ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=249b2bd1-e2ef-4c9e-b1f5-17b3ca7360f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P~ ]Ɋ& !X~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=249b2bd1-e2ef-4c9e-b1f5-17b3ca7360f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P~ ]Ɋ& !X~ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=249b2bd1-e2ef-4c9e-b1f5-17b3ca7360f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**H~ ]Ɋ& !X~ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=249b2bd1-e2ef-4c9e-b1f5-17b3ca7360f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H~ ]Ɋ& !X~ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=249b2bd1-e2ef-4c9e-b1f5-17b3ca7360f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&H**H~ ]Ɋ& !X~ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=249b2bd1-e2ef-4c9e-b1f5-17b3ca7360f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**~ ]Ɋ& !~ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=249b2bd1-e2ef-4c9e-b1f5-17b3ca7360f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4d9f8b0c-eb43-42ff-97d3-f4e0f7fa2bb8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**~ ]Ɋ& !~ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=249b2bd1-e2ef-4c9e-b1f5-17b3ca7360f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4d9f8b0c-eb43-42ff-97d3-f4e0f7fa2bb8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X5~ ]Ɋ& !X5~ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ea2500d6-8458-41d8-8295-0312b95e428d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dPatX**p5~ ]Ɋ& !X5~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ea2500d6-8458-41d8-8295-0312b95e428d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nginp**h5~ ]Ɋ& !X5~ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ea2500d6-8458-41d8-8295-0312b95e428d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=alh**`5~ ]Ɋ& !X5~ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ea2500d6-8458-41d8-8295-0312b95e428d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fi`**`5~ ]Ɋ& !X5~ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ea2500d6-8458-41d8-8295-0312b95e428d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on`**`5~ ]Ɋ& !X5~ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ea2500d6-8458-41d8-8295-0312b95e428d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**5~ ]Ɋ& !5~ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ea2500d6-8458-41d8-8295-0312b95e428d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ea24c072-0809-4da4-aa09-1b815ec1fa2c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**5~ ]Ɋ& !5~ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ea2500d6-8458-41d8-8295-0312b95e428d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ea24c072-0809-4da4-aa09-1b815ec1fa2c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=man**(5~ ]Ɋ& !X5~ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6bf96b7e-b399-4963-8c47-96f0a8877cd6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(andType= S ]Ɋ&  X5~ F&  |7{ F&%oz[FQrElfChnk0S8Mu=VysMc&&**H 5~ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! '!X5~ F&F%g>9{p(xlMD EventDatauoData !BinarytEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6bf96b7e-b399-4963-8c47-96f0a8877cd6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptH **@5~ ]Ɋ& !X5~ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6bf96b7e-b399-4963-8c47-96f0a8877cd6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eIn@**85~ ]Ɋ& !X5~ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6bf96b7e-b399-4963-8c47-96f0a8877cd6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=isp8**85~ ]Ɋ& !X5~ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6bf96b7e-b399-4963-8c47-96f0a8877cd6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HK8**85~ ]Ɋ& !X5~ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6bf96b7e-b399-4963-8c47-96f0a8877cd6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nc8**5~ ]Ɋ& !5~ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6bf96b7e-b399-4963-8c47-96f0a8877cd6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=4d95920a-b37e-4aba-b16c-b8af37786c95 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0~ ]Ɋ& !0~ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6bf96b7e-b399-4963-8c47-96f0a8877cd6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=4d95920a-b37e-4aba-b16c-b8af37786c95 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNa**Xa~ ]Ɋ& !Xa~ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f146b04f-7d17-4324-899e-f14530965a23 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pa~ ]Ɋ& !Xa~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f146b04f-7d17-4324-899e-f14530965a23 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=np**pa~ ]Ɋ& !Xa~ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f146b04f-7d17-4324-899e-f14530965a23 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2bbp**ha~ ]Ɋ& !Xa~ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f146b04f-7d17-4324-899e-f14530965a23 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dTyh**ha~ ]Ɋ& !Xa~ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f146b04f-7d17-4324-899e-f14530965a23 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@!h**ha~ ]Ɋ& !Xa~ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f146b04f-7d17-4324-899e-f14530965a23 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**a~ ]Ɋ&  !a~ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f146b04f-7d17-4324-899e-f14530965a23 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6861ef94-8e27-46a8-b226-b83b8d6376ee PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=**~ ]Ɋ& !~ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f146b04f-7d17-4324-899e-f14530965a23 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6861ef94-8e27-46a8-b226-b83b8d6376ee PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wers**~ ]Ɋ& '!X~ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b46361f8-bdce-4a30-a956-f433ef06ee0c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**~ ]Ɋ& ?!X~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b46361f8-bdce-4a30-a956-f433ef06ee0c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6**~ ]Ɋ& ;!X~ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b46361f8-bdce-4a30-a956-f433ef06ee0c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stV**~ ]Ɋ& 3!X~ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b46361f8-bdce-4a30-a956-f433ef06ee0c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Com**~ ]Ɋ& 3!X~ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b46361f8-bdce-4a30-a956-f433ef06ee0c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ver**~ ]Ɋ& 5!X~ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b46361f8-bdce-4a30-a956-f433ef06ee0c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **0~ ]Ɋ& !~ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b46361f8-bdce-4a30-a956-f433ef06ee0c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=58abac9f-f2bc-4a02-8f8a-2818f5367dc8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f40**@&~ ]Ɋ& !&~ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b46361f8-bdce-4a30-a956-f433ef06ee0c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=58abac9f-f2bc-4a02-8f8a-2818f5367dc8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==@**B:u ]Ɋ& )!XB:u F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ceafdb2d-0623-41d7-bf77-7c4ac6cced49 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNam**B:u ]Ɋ& A!XB:u F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ceafdb2d-0623-41d7-bf77-7c4ac6cced49 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**B:u ]Ɋ& =!XB:u F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ceafdb2d-0623-41d7-bf77-7c4ac6cced49 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= A**B:u ]Ɋ& 5!XB:u F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ceafdb2d-0623-41d7-bf77-7c4ac6cced49 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**B:u ]Ɋ& 5!XB:u F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ceafdb2d-0623-41d7-bf77-7c4ac6cced49 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI**B:u ]Ɋ& 7!XB:u F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ceafdb2d-0623-41d7-bf77-7c4ac6cced49 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=q**0B:u ]Ɋ& !B:u F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ceafdb2d-0623-41d7-bf77-7c4ac6cced49 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=782425aa-f229-4080-8d10-f93f051c2162 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@u ]Ɋ& !u F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ceafdb2d-0623-41d7-bf77-7c4ac6cced49 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=782425aa-f229-4080-8d10-f93f051c2162 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**Xoku ]Ɋ& !Xoku F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8158c596-b203-4c72-9bb2-0a937f77a39d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**poku ]Ɋ& !Xoku F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8158c596-b203-4c72-9bb2-0a937f77a39d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hoku ]Ɋ& !Xoku F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8158c596-b203-4c72-9bb2-0a937f77a39d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`oku ]Ɋ& !Xoku F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8158c596-b203-4c72-9bb2-0a937f77a39d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`oku ]Ɋ& !Xoku F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8158c596-b203-4c72-9bb2-0a937f77a39d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hoku ]Ɋ& !Xoku F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8158c596-b203-4c72-9bb2-0a937f77a39d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leSh**oku ]Ɋ&  !oku F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8158c596-b203-4c72-9bb2-0a937f77a39d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=890496c7-a7d3-417d-b273-6b057d5dc388 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Non**oku ]Ɋ& !oku F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8158c596-b203-4c72-9bb2-0a937f77a39d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=890496c7-a7d3-417d-b273-6b057d5dc388 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**8oku ]Ɋ& !Xoku F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=59b14967-42e8-4a76-b53d-3b49085a5318 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s 8**Poku ]Ɋ& !Xoku F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=59b14967-42e8-4a76-b53d-3b49085a5318 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rNP**Poku ]Ɋ& !Xoku F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=59b14967-42e8-4a76-b53d-3b49085a5318 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=StaP**Hoku ]Ɋ& !Xoku F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=59b14967-42e8-4a76-b53d-3b49085a5318 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Hoku ]Ɋ& !Xoku F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=59b14967-42e8-4a76-b53d-3b49085a5318 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Hoku ]Ɋ& !Xoku F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=59b14967-42e8-4a76-b53d-3b49085a5318 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5H**oku ]Ɋ& !oku F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=59b14967-42e8-4a76-b53d-3b49085a5318 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c9521f75-78dd-4c8e-935f-fd1bd4fa1cda PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**oku ]Ɋ& !oku F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=59b14967-42e8-4a76-b53d-3b49085a5318 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c9521f75-78dd-4c8e-935f-fd1bd4fa1cda PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Xu ]Ɋ& !Xu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d5cf2169-a1f2-456a-aa59-593861857eb0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pu ]Ɋ& !Xu F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d5cf2169-a1f2-456a-aa59-593861857eb0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndTyp= ScriptNa ]Ɋ& = Xu F&  X5~ F&  |7{ F&%oz[FQrElfChnk77(xvޚMu=VysMc&&**pu ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! M!Xu F&F%g>9{p(xlMD EventDatauoData !BinaryFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d5cf2169-a1f2-456a-aa59-593861857eb0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=p**`u ]Ɋ& !Xu F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d5cf2169-a1f2-456a-aa59-593861857eb0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io`**` u ]Ɋ& !Xu  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d5cf2169-a1f2-456a-aa59-593861857eb0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=le`**` u ]Ɋ& !Xu  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d5cf2169-a1f2-456a-aa59-593861857eb0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H`** u ]Ɋ& !u  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d5cf2169-a1f2-456a-aa59-593861857eb0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e43a475c-eddd-446c-8022-78f4f68cc9db PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d** u ]Ɋ& !u  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d5cf2169-a1f2-456a-aa59-593861857eb0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e43a475c-eddd-446c-8022-78f4f68cc9db PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ila**( u ]Ɋ& !Xu  F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=be6991cc-45ba-4f6f-9336-52626314a976 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@u ]Ɋ& !Xu F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=be6991cc-45ba-4f6f-9336-52626314a976 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@u ]Ɋ& !Xu F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=be6991cc-45ba-4f6f-9336-52626314a976 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h 6@**8u ]Ɋ& !Xu F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=be6991cc-45ba-4f6f-9336-52626314a976 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eTi8**8u ]Ɋ& !Xu F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=be6991cc-45ba-4f6f-9336-52626314a976 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nst8**8u ]Ɋ& !Xu F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=be6991cc-45ba-4f6f-9336-52626314a976 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.08**u ]Ɋ& !u F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=be6991cc-45ba-4f6f-9336-52626314a976 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=639f19df-9a31-4e65-a4fe-a6654135d4bf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **u ]Ɋ& !u F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=be6991cc-45ba-4f6f-9336-52626314a976 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=639f19df-9a31-4e65-a4fe-a6654135d4bf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**Xu ]Ɋ& !Xu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a67169cd-0c8d-454e-9502-567d9a3eeeff HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pu ]Ɋ& !Xu F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a67169cd-0c8d-454e-9502-567d9a3eeeff HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cp**pu ]Ɋ& !Xu F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a67169cd-0c8d-454e-9502-567d9a3eeeff HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Comp**hu ]Ɋ& !Xu F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a67169cd-0c8d-454e-9502-567d9a3eeeff HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ih**hu ]Ɋ& !Xu F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a67169cd-0c8d-454e-9502-567d9a3eeeff HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!h**hu ]Ɋ& !Xu F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a67169cd-0c8d-454e-9502-567d9a3eeeff HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=meh**u ]Ɋ&  !u F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a67169cd-0c8d-454e-9502-567d9a3eeeff HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bd263ee7-bf8e-44d9-bfe6-c02fa2d95c2f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI**u ]Ɋ& !u F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a67169cd-0c8d-454e-9502-567d9a3eeeff HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bd263ee7-bf8e-44d9-bfe6-c02fa2d95c2f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= . |**`fu ]Ɋ& '!X`fu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=72680595-456a-4f7a-85ef-0d08bba66c66 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**`fu ]Ɋ& ?!X`fu F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=72680595-456a-4f7a-85ef-0d08bba66c66 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`fu ]Ɋ& ;!X`fu F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=72680595-456a-4f7a-85ef-0d08bba66c66 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6cc** `fu ]Ɋ& 3!X`fu  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=72680595-456a-4f7a-85ef-0d08bba66c66 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&**!`fu ]Ɋ& 3!X`fu! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=72680595-456a-4f7a-85ef-0d08bba66c66 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ced**"`fu ]Ɋ& 5!X`fu" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=72680595-456a-4f7a-85ef-0d08bba66c66 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0#`fu ]Ɋ& !`fu# F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=72680595-456a-4f7a-85ef-0d08bba66c66 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4aeb9371-0776-4670-acf2-e8f737762991 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=le0**@$u ]Ɋ& !u$ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=72680595-456a-4f7a-85ef-0d08bba66c66 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4aeb9371-0776-4670-acf2-e8f737762991 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**%ق ]Ɋ& )!Xق% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=954d3572-be1e-4ae6-ada7-a7c3d6a54a28 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Com**&ق ]Ɋ& A!Xق& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=954d3572-be1e-4ae6-ada7-a7c3d6a54a28 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id= **'ق ]Ɋ& =!Xق' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=954d3572-be1e-4ae6-ada7-a7c3d6a54a28 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ut**(ق ]Ɋ& 5!Xق( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=954d3572-be1e-4ae6-ada7-a7c3d6a54a28 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2 **)ق ]Ɋ& 5!Xق) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=954d3572-be1e-4ae6-ada7-a7c3d6a54a28 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ca***ق ]Ɋ& 7!Xق* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=954d3572-be1e-4ae6-ada7-a7c3d6a54a28 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**0+ق ]Ɋ& !ق+ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=954d3572-be1e-4ae6-ada7-a7c3d6a54a28 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d0c99d47-a377-4e03-9e9b-a019a9127fbb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t0**@,93ق ]Ɋ& !93ق, F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=954d3572-be1e-4ae6-ada7-a7c3d6a54a28 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d0c99d47-a377-4e03-9e9b-a019a9127fbb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=top@**X-˱ق ]Ɋ& !X˱ق- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=43ee84a7-0262-434b-b419-a20d8805d0c2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p.˱ق ]Ɋ& !X˱ق. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=43ee84a7-0262-434b-b419-a20d8805d0c2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stp**h/˱ق ]Ɋ& !X˱ق/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=43ee84a7-0262-434b-b419-a20d8805d0c2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dh**`0˱ق ]Ɋ& !X˱ق0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=43ee84a7-0262-434b-b419-a20d8805d0c2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n`**`1˱ق ]Ɋ& !X˱ق1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=43ee84a7-0262-434b-b419-a20d8805d0c2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P`**h2˱ق ]Ɋ& !X˱ق2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=43ee84a7-0262-434b-b419-a20d8805d0c2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Stah**3˱ق ]Ɋ&  !˱ق3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=43ee84a7-0262-434b-b419-a20d8805d0c2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=847a8e4c-d0f2-4498-b96e-9156e342fd5b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**4˱ق ]Ɋ& !˱ق4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=43ee84a7-0262-434b-b419-a20d8805d0c2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=847a8e4c-d0f2-4498-b96e-9156e342fd5b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**85˱ق ]Ɋ& !X˱ق5 F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=280e6e9b-f466-4c7a-a912-31a204f39ed5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**P6˱ق ]Ɋ& !X˱ق6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=280e6e9b-f466-4c7a-a912-31a204f39ed5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ueP**P7˱ق ]Ɋ& !X˱ق7 F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=280e6e9b-f466-4c7a-a912-31a204f39ed5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P  ]Ɋ& F&%ozXElfChnk8h8h04~(<Mu=VysMc&&**H8˱ق ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! )!X˱ق8 F&F%g>9{p(xlMD EventDatauoData !BinaryvFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=280e6e9b-f466-4c7a-a912-31a204f39ed5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**H9˱ق ]Ɋ& !X˱ق9 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=280e6e9b-f466-4c7a-a912-31a204f39ed5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CH**H:˱ق ]Ɋ& !X˱ق: F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=280e6e9b-f466-4c7a-a912-31a204f39ed5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ScrH**;˱ق ]Ɋ& !˱ق; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=280e6e9b-f466-4c7a-a912-31a204f39ed5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=50eceb64-a581-44e4-aab6-28c3859bf034 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C**<˱ق ]Ɋ& !˱ق< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=280e6e9b-f466-4c7a-a912-31a204f39ed5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=50eceb64-a581-44e4-aab6-28c3859bf034 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**X=fdق ]Ɋ& !Xfdق= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f767b62b-f560-40a0-8494-81480935f976 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoX**p>fdق ]Ɋ& !Xfdق> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f767b62b-f560-40a0-8494-81480935f976 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sortp**h?fdق ]Ɋ& !Xfdق? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f767b62b-f560-40a0-8494-81480935f976 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bah**`@fdق ]Ɋ& !Xfdق@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f767b62b-f560-40a0-8494-81480935f976 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=os`**`Afdق ]Ɋ& !XfdقA F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f767b62b-f560-40a0-8494-81480935f976 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eq`**`Bfdق ]Ɋ& !XfdقB F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f767b62b-f560-40a0-8494-81480935f976 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**Cfdق ]Ɋ& !fdقC F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f767b62b-f560-40a0-8494-81480935f976 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=34ff1e85-f1f2-4258-8983-4b4a6eeb4ca7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Dfdق ]Ɋ& !fdقD F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f767b62b-f560-40a0-8494-81480935f976 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=34ff1e85-f1f2-4258-8983-4b4a6eeb4ca7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **(Eق ]Ɋ& !XقE F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=49638e3f-4331-4e2f-b2df-2cf2f57bbc49 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5(**@Fق ]Ɋ& !XقF F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=49638e3f-4331-4e2f-b2df-2cf2f57bbc49 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=V@**@Gق ]Ɋ& !XقG F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=49638e3f-4331-4e2f-b2df-2cf2f57bbc49 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te'@**8Hق ]Ɋ& !XقH F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=49638e3f-4331-4e2f-b2df-2cf2f57bbc49 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ent8**8Iق ]Ɋ& !XقI F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=49638e3f-4331-4e2f-b2df-2cf2f57bbc49 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t 8**8Jق ]Ɋ& !XقJ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=49638e3f-4331-4e2f-b2df-2cf2f57bbc49 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**Kق ]Ɋ& !قK F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=49638e3f-4331-4e2f-b2df-2cf2f57bbc49 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=6729fee5-adb8-4092-84ad-f47c136bab90 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pe**Lق ]Ɋ& !قL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=49638e3f-4331-4e2f-b2df-2cf2f57bbc49 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=6729fee5-adb8-4092-84ad-f47c136bab90 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ated**XMW_ق ]Ɋ& !XW_قM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1d109c34-df5c-433a-aa17-a9b6e7e65a4f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pNW_ق ]Ɋ& !XW_قN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1d109c34-df5c-433a-aa17-a9b6e7e65a4f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**pOW_ق ]Ɋ& !XW_قO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1d109c34-df5c-433a-aa17-a9b6e7e65a4f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ultp**hPW_ق ]Ɋ& !XW_قP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1d109c34-df5c-433a-aa17-a9b6e7e65a4f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dthh**hQW_ق ]Ɋ& !XW_قQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1d109c34-df5c-433a-aa17-a9b6e7e65a4f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**hRW_ق ]Ɋ& !XW_قR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1d109c34-df5c-433a-aa17-a9b6e7e65a4f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nah**SW_ق ]Ɋ&  !W_قS F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1d109c34-df5c-433a-aa17-a9b6e7e65a4f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=af9cfad4-1a1c-4bb4-bfe9-3d212b54bb13 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Tق ]Ɋ& !قT F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1d109c34-df5c-433a-aa17-a9b6e7e65a4f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=af9cfad4-1a1c-4bb4-bfe9-3d212b54bb13 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ber=**Uق ]Ɋ& '!XقU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=908ce75b-ed10-4517-99ec-645d702cee39 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**Vق ]Ɋ& ?!XقV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=908ce75b-ed10-4517-99ec-645d702cee39 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **Wق ]Ɋ& ;!XقW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=908ce75b-ed10-4517-99ec-645d702cee39 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Xق ]Ɋ& 3!XقX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=908ce75b-ed10-4517-99ec-645d702cee39 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ou**Yق ]Ɋ& 3!XقY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=908ce75b-ed10-4517-99ec-645d702cee39 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cti**Zق ]Ɋ& 5!XقZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=908ce75b-ed10-4517-99ec-645d702cee39 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= -**0[ق ]Ɋ& !ق[ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=908ce75b-ed10-4517-99ec-645d702cee39 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=d9d5aba3-b304-4999-ae58-633a147623bf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te0**@\)ق ]Ɋ& !)ق\ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=908ce75b-ed10-4517-99ec-645d702cee39 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=d9d5aba3-b304-4999-ae58-633a147623bf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7-a3@**]oh% ]Ɋ& )!Xoh%] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a5a2eb93-e0c4-4298-b1cd-b51ceebc4605 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oduc**^oh% ]Ɋ& A!Xoh%^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a5a2eb93-e0c4-4298-b1cd-b51ceebc4605 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mIns**_oh% ]Ɋ& =!Xoh%_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a5a2eb93-e0c4-4298-b1cd-b51ceebc4605 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-0**`oh% ]Ɋ& 5!Xoh%` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a5a2eb93-e0c4-4298-b1cd-b51ceebc4605 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=**aoh% ]Ɋ& 5!Xoh%a F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a5a2eb93-e0c4-4298-b1cd-b51ceebc4605 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ov**boh% ]Ɋ& 7!Xoh%b F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a5a2eb93-e0c4-4298-b1cd-b51ceebc4605 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0coh% ]Ɋ& !oh%c F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a5a2eb93-e0c4-4298-b1cd-b51ceebc4605 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=520c83bb-90ff-4de3-91d1-95a9226bc5a4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@dWi% ]Ɋ& !Wi%d F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a5a2eb93-e0c4-4298-b1cd-b51ceebc4605 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=520c83bb-90ff-4de3-91d1-95a9226bc5a4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Com@**XeWi% ]Ɋ& !XWi%e F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c2c3e818-a693-4045-a30d-bc28bab25de9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=linX**pfWi% ]Ɋ& !XWi%f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c2c3e818-a693-4045-a30d-bc28bab25de9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manp**hgWi% ]Ɋ& !XWi%g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c2c3e818-a693-4045-a30d-bc28bab25de9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rh**`hWi% ]Ɋ& !XWi%h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c2c3e818-a693-4045-a30d-bc28bab25de9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& XWi%i F&XElfChnkiiVg'<omMu=VysMc&&**hiWi% ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! G!XWi%i F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c2c3e818-a693-4045-a30d-bc28bab25de9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hjWi% ]Ɋ& !XWi%j F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c2c3e818-a693-4045-a30d-bc28bab25de9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**kWi% ]Ɋ&  !Wi%k F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c2c3e818-a693-4045-a30d-bc28bab25de9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=357ca870-658c-492d-a4c9-71c78f9c46d2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FӸ**li% ]Ɋ& !i%l F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c2c3e818-a693-4045-a30d-bc28bab25de9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=357ca870-658c-492d-a4c9-71c78f9c46d2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**8mi% ]Ɋ& !Xi%m F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=75de8073-9a62-4071-a96c-4728168ce4e8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**Pni% ]Ɋ& !Xi%n F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=75de8073-9a62-4071-a96c-4728168ce4e8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Poi% ]Ɋ& !Xi%o F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=75de8073-9a62-4071-a96c-4728168ce4e8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Hpi% ]Ɋ& !Xi%p F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=75de8073-9a62-4071-a96c-4728168ce4e8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&H**Hqi% ]Ɋ& !Xi%q F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=75de8073-9a62-4071-a96c-4728168ce4e8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=AH**Hri% ]Ɋ& !Xi%r F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=75de8073-9a62-4071-a96c-4728168ce4e8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==H**si% ]Ɋ& !i%s F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=75de8073-9a62-4071-a96c-4728168ce4e8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=77dc070a-0819-4614-99fe-104ea772dce6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**ti% ]Ɋ& !i%t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=75de8073-9a62-4071-a96c-4728168ce4e8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=77dc070a-0819-4614-99fe-104ea772dce6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Xui% ]Ɋ& !Xi%u F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1a2eb3a6-8c2a-4266-af8b-d33c78b92487 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me= X**pvi% ]Ɋ& !Xi%v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1a2eb3a6-8c2a-4266-af8b-d33c78b92487 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-lasp**hwi% ]Ɋ& !Xi%w F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1a2eb3a6-8c2a-4266-af8b-d33c78b92487 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[Sh**`xi% ]Ɋ& !Xi%x F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1a2eb3a6-8c2a-4266-af8b-d33c78b92487 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-U`**`yi% ]Ɋ& !Xi%y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1a2eb3a6-8c2a-4266-af8b-d33c78b92487 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`zi% ]Ɋ& !Xi%z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1a2eb3a6-8c2a-4266-af8b-d33c78b92487 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t`**{i% ]Ɋ& !i%{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1a2eb3a6-8c2a-4266-af8b-d33c78b92487 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=95e8afa7-83fa-49dc-8e69-dee88c080c06 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**|9j% ]Ɋ& !9j%| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1a2eb3a6-8c2a-4266-af8b-d33c78b92487 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=95e8afa7-83fa-49dc-8e69-dee88c080c06 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dPa**(}9j% ]Ɋ& !X9j%} F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d8eac1f7-c692-4d56-9a25-00f260e4dbba HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a(**@~9j% ]Ɋ& !X9j%~ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d8eac1f7-c692-4d56-9a25-00f260e4dbba HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0@**@9j% ]Ɋ& !X9j% F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d8eac1f7-c692-4d56-9a25-00f260e4dbba HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ert@**89j% ]Ɋ& !X9j% F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d8eac1f7-c692-4d56-9a25-00f260e4dbba HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Wow8**89j% ]Ɋ& !X9j% F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d8eac1f7-c692-4d56-9a25-00f260e4dbba HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5c-8**89j% ]Ɋ& !X9j% F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d8eac1f7-c692-4d56-9a25-00f260e4dbba HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fu8**9j% ]Ɋ& !9j% F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d8eac1f7-c692-4d56-9a25-00f260e4dbba HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=cfbdb337-2b38-41a1-a27a-56679f2ea298 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nd**j% ]Ɋ& !j% F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d8eac1f7-c692-4d56-9a25-00f260e4dbba HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=cfbdb337-2b38-41a1-a27a-56679f2ea298 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ineV**XGl% ]Ɋ& !XGl% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e62a48ac-64c8-42be-8a22-7b7944e8126e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pGl% ]Ɋ& !XGl% F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e62a48ac-64c8-42be-8a22-7b7944e8126e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ep**pGl% ]Ɋ& !XGl% F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e62a48ac-64c8-42be-8a22-7b7944e8126e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=, Ep**hGl% ]Ɋ& !XGl% F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e62a48ac-64c8-42be-8a22-7b7944e8126e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cenh**hGl% ]Ɋ& !XGl% F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e62a48ac-64c8-42be-8a22-7b7944e8126e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=h**hGl% ]Ɋ& !XGl% F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e62a48ac-64c8-42be-8a22-7b7944e8126e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**Gl% ]Ɋ&  !Gl% F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e62a48ac-64c8-42be-8a22-7b7944e8126e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e1c83e70-a1b1-4a8d-b8a2-6a1886abd18f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**ޛl% ]Ɋ& !ޛl% F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e62a48ac-64c8-42be-8a22-7b7944e8126e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e1c83e70-a1b1-4a8d-b8a2-6a1886abd18f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rsio**ޛl% ]Ɋ& '!Xޛl% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9764f5b6-6676-46b7-9831-259e6ba3c2d3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**ޛl% ]Ɋ& ?!Xޛl% F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9764f5b6-6676-46b7-9831-259e6ba3c2d3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**ޛl% ]Ɋ& ;!Xޛl% F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9764f5b6-6676-46b7-9831-259e6ba3c2d3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ne**ޛl% ]Ɋ& 3!Xޛl% F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9764f5b6-6676-46b7-9831-259e6ba3c2d3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **ޛl% ]Ɋ& 3!Xޛl% F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9764f5b6-6676-46b7-9831-259e6ba3c2d3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ewP**ޛl% ]Ɋ& 5!Xޛl% F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9764f5b6-6676-46b7-9831-259e6ba3c2d3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eI**0ޛl% ]Ɋ& !ޛl% F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9764f5b6-6676-46b7-9831-259e6ba3c2d3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=00aa96a2-40d7-4905-aa50-c09dc41be45c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me0**@t4m% ]Ɋ& !t4m% F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9764f5b6-6676-46b7-9831-259e6ba3c2d3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=00aa96a2-40d7-4905-aa50-c09dc41be45c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id= @**Y ]Ɋ& )!XY F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=30e6543f-56d8-4d54-8fba-fd0a081e385f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ut-S**Y ]Ɋ& A!XY F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=30e6543f-56d8-4d54-8fba-fd0a081e385f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2 -C**Y ]Ɋ& =!XY F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=30e6543f-56d8-4d54-8fba-fd0a081e385f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ca**Y ]Ɋ& 5!XY F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=30e6543f-56d8-4d54-8fba-fd0a081e385f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on.0 HostId= ]Ɋ& icXY F&nce -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& XWi%i F&XElfChnkpܮpMu=VysMc&&**Y ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !XY F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=30e6543f-56d8-4d54-8fba-fd0a081e385f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **Y ]Ɋ& 7!XY F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=30e6543f-56d8-4d54-8fba-fd0a081e385f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **0Y ]Ɋ& !Y F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=30e6543f-56d8-4d54-8fba-fd0a081e385f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=227bd015-1e17-4323-abfb-20b117eac6d5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d0**@mZ ]Ɋ& !mZ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=30e6543f-56d8-4d54-8fba-fd0a081e385f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=227bd015-1e17-4323-abfb-20b117eac6d5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ot/@**XmZ ]Ɋ& !XmZ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=728cc297-f60f-4076-abc2-740f63413c18 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=werX**pmZ ]Ɋ& !XmZ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=728cc297-f60f-4076-abc2-740f63413c18 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompp**hmZ ]Ɋ& !XmZ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=728cc297-f60f-4076-abc2-740f63413c18 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fh**`mZ ]Ɋ& !XmZ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=728cc297-f60f-4076-abc2-740f63413c18 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=E`**`mZ ]Ɋ& !XmZ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=728cc297-f60f-4076-abc2-740f63413c18 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i`**hmZ ]Ɋ& !XmZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=728cc297-f60f-4076-abc2-740f63413c18 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ureLh**mZ ]Ɋ&  !mZ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=728cc297-f60f-4076-abc2-740f63413c18 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fb422fa1-5ccf-4182-ab36-63412288a348 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=535 **@[ ]Ɋ& !@[ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=728cc297-f60f-4076-abc2-740f63413c18 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fb422fa1-5ccf-4182-ab36-63412288a348 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io**8@[ ]Ɋ& !X@[ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bffe2cd0-0941-4020-9bd0-f29faa487a92 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yp8**P@[ ]Ɋ& !X@[ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bffe2cd0-0941-4020-9bd0-f29faa487a92 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNP**P@[ ]Ɋ& !X@[ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bffe2cd0-0941-4020-9bd0-f29faa487a92 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=EncrP**H@[ ]Ɋ& !X@[ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bffe2cd0-0941-4020-9bd0-f29faa487a92 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rosoH**H@[ ]Ɋ& !X@[ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bffe2cd0-0941-4020-9bd0-f29faa487a92 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=secuH**H@[ ]Ɋ& !X@[ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bffe2cd0-0941-4020-9bd0-f29faa487a92 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RoH**@[ ]Ɋ& !@[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bffe2cd0-0941-4020-9bd0-f29faa487a92 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cc3e94e9-a441-4469-8a0c-848961b2fcdb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oft**@[ ]Ɋ& !@[ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bffe2cd0-0941-4020-9bd0-f29faa487a92 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cc3e94e9-a441-4469-8a0c-848961b2fcdb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**X@[ ]Ɋ& !X@[ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5c1db1c2-7384-46ad-9885-9507b87d77fb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l SeX**p@[ ]Ɋ& !X@[ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5c1db1c2-7384-46ad-9885-9507b87d77fb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Conp**h@[ ]Ɋ& !X@[ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5c1db1c2-7384-46ad-9885-9507b87d77fb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fih**`@[ ]Ɋ& !X@[ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5c1db1c2-7384-46ad-9885-9507b87d77fb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nd`**`@[ ]Ɋ& !X@[ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5c1db1c2-7384-46ad-9885-9507b87d77fb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng`**`@[ ]Ɋ& !X@[ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5c1db1c2-7384-46ad-9885-9507b87d77fb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b`**@[ ]Ɋ& !@[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5c1db1c2-7384-46ad-9885-9507b87d77fb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7e95a7ec-a8bc-4a23-8939-60545c9c8775 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=T**מ[ ]Ɋ& !מ[ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5c1db1c2-7384-46ad-9885-9507b87d77fb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7e95a7ec-a8bc-4a23-8939-60545c9c8775 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Cu**(מ[ ]Ɋ& !Xמ[ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=83837f8e-648f-4226-b0d8-20bd3611494f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6(**@מ[ ]Ɋ& !Xמ[ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=83837f8e-648f-4226-b0d8-20bd3611494f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4@**@מ[ ]Ɋ& !Xמ[ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=83837f8e-648f-4226-b0d8-20bd3611494f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**8מ[ ]Ɋ& !Xמ[ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=83837f8e-648f-4226-b0d8-20bd3611494f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**8מ[ ]Ɋ& !Xמ[ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=83837f8e-648f-4226-b0d8-20bd3611494f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, 8**8מ[ ]Ɋ& !Xמ[ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=83837f8e-648f-4226-b0d8-20bd3611494f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ur8**מ[ ]Ɋ& !מ[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=83837f8e-648f-4226-b0d8-20bd3611494f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=3210704f-cb57-4e04-bf13-5070fe0ec952 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= g**m7\ ]Ɋ& !m7\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=83837f8e-648f-4226-b0d8-20bd3611494f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=3210704f-cb57-4e04-bf13-5070fe0ec952 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVe**Xh] ]Ɋ& !Xh] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=21ee80b9-7299-445f-8313-6ae293511de2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**ph] ]Ɋ& !Xh] F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=21ee80b9-7299-445f-8313-6ae293511de2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**ph] ]Ɋ& !Xh] F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=21ee80b9-7299-445f-8313-6ae293511de2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=as p**hh] ]Ɋ& !Xh] F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=21ee80b9-7299-445f-8313-6ae293511de2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Conh**hh] ]Ɋ& !Xh] F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=21ee80b9-7299-445f-8313-6ae293511de2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e6bh**hh] ]Ɋ& !Xh] F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=21ee80b9-7299-445f-8313-6ae293511de2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Ch**h] ]Ɋ&  !h] F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=21ee80b9-7299-445f-8313-6ae293511de2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b87ac144-c15b-4565-81e9-151488b1ba4f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=im**1^ ]Ɋ& !1^ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=21ee80b9-7299-445f-8313-6ae293511de2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b87ac144-c15b-4565-81e9-151488b1ba4f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S'))**1^ ]Ɋ& '!X1^ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=443a48a4-a440-447d-9756-e722306e63a2 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**1^ ]Ɋ& ?!X1^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=443a48a4-a440-447d-9756-e722306e63a2 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=G**1^ ]Ɋ& ;!X1^ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=443a48a4-a440-447d-9756-e722306e63a2 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **1^ ]Ɋ& 3!X1^ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=443a48a4-a440-447d-9756-e722306e63a2 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion**1^ ]Ɋ& 3!X1^ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=443a48a4-a440-447d-9756-e722306e63a2 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoandLine= ]Ɋ& X1^ F& F&nce -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& XWi%i F&XElfChnkp(Z4OMu=VysMc&&** 1^ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X1^ F&F%g>9{p(xlMD EventDatauoData !BinaryVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=443a48a4-a440-447d-9756-e722306e63a2 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4d5 **01^ ]Ɋ& !1^ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=443a48a4-a440-447d-9756-e722306e63a2 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=aa6851f6-c161-4dcb-bf00-8ef248a6d14f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@Ǚ^ ]Ɋ& !Ǚ^ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=443a48a4-a440-447d-9756-e722306e63a2 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=aa6851f6-c161-4dcb-bf00-8ef248a6d14f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H@**l ]Ɋ& )!Xl F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e02af3e4-d6ab-4477-aeaf-de2a48030523 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Con**l ]Ɋ& A!Xl F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e02af3e4-d6ab-4477-aeaf-de2a48030523 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m **l ]Ɋ& =!Xl F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e02af3e4-d6ab-4477-aeaf-de2a48030523 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**l ]Ɋ& 5!Xl F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e02af3e4-d6ab-4477-aeaf-de2a48030523 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**l ]Ɋ& 5!Xl F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e02af3e4-d6ab-4477-aeaf-de2a48030523 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **l ]Ɋ& 7!Xl F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e02af3e4-d6ab-4477-aeaf-de2a48030523 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0l ]Ɋ& !l F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e02af3e4-d6ab-4477-aeaf-de2a48030523 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e00451bb-c3b5-43ac-9a6a-f3f894991bb6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S0**@ ]Ɋ& ! F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e02af3e4-d6ab-4477-aeaf-de2a48030523 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e00451bb-c3b5-43ac-9a6a-f3f894991bb6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r2 @**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ea1f5877-6751-449b-8893-69aad2530cb0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompX**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ea1f5877-6751-449b-8893-69aad2530cb0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl p**h ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ea1f5877-6751-449b-8893-69aad2530cb0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lh**` ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ea1f5877-6751-449b-8893-69aad2530cb0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u`**` ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ea1f5877-6751-449b-8893-69aad2530cb0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a`**h ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ea1f5877-6751-449b-8893-69aad2530cb0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Quich** ]Ɋ&  ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ea1f5877-6751-449b-8893-69aad2530cb0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=73c897ad-f1ca-4439-84d9-b01be6a8e141 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion=** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ea1f5877-6751-449b-8893-69aad2530cb0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=73c897ad-f1ca-4439-84d9-b01be6a8e141 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**8 ]Ɋ& !X F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6a16e89f-bce2-44f9-b43d-8e67d64961a1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ou8**P ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6a16e89f-bce2-44f9-b43d-8e67d64961a1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ypP**P ]Ɋ& !X F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6a16e89f-bce2-44f9-b43d-8e67d64961a1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNamP**H ]Ɋ& !X F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6a16e89f-bce2-44f9-b43d-8e67d64961a1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yptiH**H ]Ɋ& !X F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6a16e89f-bce2-44f9-b43d-8e67d64961a1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ftVoH**H ]Ɋ& !X F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6a16e89f-bce2-44f9-b43d-8e67d64961a1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ritH** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6a16e89f-bce2-44f9-b43d-8e67d64961a1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3ae56b0e-8f6b-4247-9417-4075568a2482 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion**6 ]Ɋ& !6 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6a16e89f-bce2-44f9-b43d-8e67d64961a1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3ae56b0e-8f6b-4247-9417-4075568a2482 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**X6 ]Ɋ& !X6 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e861004c-7734-4b72-963d-87f5778f6d2f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-US;X**p6 ]Ɋ& !X6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e861004c-7734-4b72-963d-87f5778f6d2f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ostVp**h6 ]Ɋ& !X6 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e861004c-7734-4b72-963d-87f5778f6d2f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=edh**`6 ]Ɋ& !X6 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e861004c-7734-4b72-963d-87f5778f6d2f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=*`**`6 ]Ɋ& !X6 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e861004c-7734-4b72-963d-87f5778f6d2f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ru`**`6 ]Ɋ& !X6 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e861004c-7734-4b72-963d-87f5778f6d2f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**6 ]Ɋ& !6 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e861004c-7734-4b72-963d-87f5778f6d2f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=58f6bc5c-c8fd-49a2-9c7b-49689fbe3847 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**6 ]Ɋ& !6 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e861004c-7734-4b72-963d-87f5778f6d2f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=58f6bc5c-c8fd-49a2-9c7b-49689fbe3847 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Get**( ]Ɋ& !X F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=589e6381-9adf-4351-9a8b-73efe8501a8b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9(**@ ]Ɋ& !X F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=589e6381-9adf-4351-9a8b-73efe8501a8b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e@**@ ]Ɋ& !X F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=589e6381-9adf-4351-9a8b-73efe8501a8b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**8 ]Ɋ& !X F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=589e6381-9adf-4351-9a8b-73efe8501a8b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C8**8 ]Ɋ& !X F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=589e6381-9adf-4351-9a8b-73efe8501a8b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bal8**8 ]Ɋ& !X F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=589e6381-9adf-4351-9a8b-73efe8501a8b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in8** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=589e6381-9adf-4351-9a8b-73efe8501a8b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=470223a8-cf6a-4325-a9c8-13b8870436ef PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=RE**g ]Ɋ& !g F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=589e6381-9adf-4351-9a8b-73efe8501a8b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=470223a8-cf6a-4325-a9c8-13b8870436ef PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**Xߘ  ]Ɋ& !Xߘ  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1c2ae572-d8dd-4cbe-a11e-314dd02d8deb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4X**pߘ  ]Ɋ& !Xߘ  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1c2ae572-d8dd-4cbe-a11e-314dd02d8deb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1p**pߘ  ]Ɋ& !Xߘ  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1c2ae572-d8dd-4cbe-a11e-314dd02d8deb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stap**hߘ  ]Ɋ& !Xߘ  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1c2ae572-d8dd-4cbe-a11e-314dd02d8deb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVh**hߘ  ]Ɋ& !Xߘ  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1c2ae572-d8dd-4cbe-a11e-314dd02d8deb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Apph**hߘ  ]Ɋ& !Xߘ  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1c2ae572-d8dd-4cbe-a11e-314dd02d8deb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| h**ߘ  ]Ɋ&  !ߘ  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1c2ae572-d8dd-4cbe-a11e-314dd02d8deb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0f90986c-bcbd-41ea-aa1d-cb62c7e19e72 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sbe.properties ]Ɋ& Cuv1! F&n-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoandLine= ]Ɋ& X1^ F& F&nce -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& XWi%i F&XElfChnk..xhUlAMu=VysMc&&** v1! ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !v1! F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1c2ae572-d8dd-4cbe-a11e-314dd02d8deb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0f90986c-bcbd-41ea-aa1d-cb62c7e19e72 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **v1! ]Ɋ& '!Xv1! F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a8e4c075-cfd9-48bb-8904-be74e13f57d4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**v1! ]Ɋ& ?!Xv1! F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a8e4c075-cfd9-48bb-8904-be74e13f57d4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**v1! ]Ɋ& ;!Xv1! F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a8e4c075-cfd9-48bb-8904-be74e13f57d4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**v1! ]Ɋ& 3!Xv1! F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a8e4c075-cfd9-48bb-8904-be74e13f57d4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**v1! ]Ɋ& 3!Xv1! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a8e4c075-cfd9-48bb-8904-be74e13f57d4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ica**v1! ]Ɋ& 5!Xv1! F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a8e4c075-cfd9-48bb-8904-be74e13f57d4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0v1! ]Ɋ& !v1! F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a8e4c075-cfd9-48bb-8904-be74e13f57d4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=2a44918c-760e-4ef8-894c-24ff11e4c6ac PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ow0**@b" ]Ɋ& !b" F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a8e4c075-cfd9-48bb-8904-be74e13f57d4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=2a44918c-760e-4ef8-894c-24ff11e4c6ac PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**@**ڸ7 ]Ɋ& )!Xڸ7 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4bbfbb4f-cf97-47e8-a011-d249e71cebe4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mman**ڸ7 ]Ɋ& A!Xڸ7 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4bbfbb4f-cf97-47e8-a011-d249e71cebe4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-wid**ڸ7 ]Ɋ& =!Xڸ7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4bbfbb4f-cf97-47e8-a011-d249e71cebe4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iv**ڸ7 ]Ɋ& 5!Xڸ7 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4bbfbb4f-cf97-47e8-a011-d249e71cebe4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l ** ڸ7 ]Ɋ& 5!Xڸ7  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4bbfbb4f-cf97-47e8-a011-d249e71cebe4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==e** ڸ7 ]Ɋ& 7!Xڸ7  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4bbfbb4f-cf97-47e8-a011-d249e71cebe4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0 is7 ]Ɋ& !is7  F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4bbfbb4f-cf97-47e8-a011-d249e71cebe4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b96bd779-2540-4973-b991-6022880b04d1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@ 7 ]Ɋ& ! 7  F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4bbfbb4f-cf97-47e8-a011-d249e71cebe4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b96bd779-2540-4973-b991-6022880b04d1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**X 7 ]Ɋ& !X 7  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b8399379-9e7c-4321-94a4-b4c717a61610 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p 7 ]Ɋ& !X 7 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b8399379-9e7c-4321-94a4-b4c717a61610 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h 7 ]Ɋ& !X 7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b8399379-9e7c-4321-94a4-b4c717a61610 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**` 7 ]Ɋ& !X 7 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b8399379-9e7c-4321-94a4-b4c717a61610 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**` 7 ]Ɋ& !X 7 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b8399379-9e7c-4321-94a4-b4c717a61610 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S`**h 7 ]Ɋ& !X 7 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b8399379-9e7c-4321-94a4-b4c717a61610 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ineSh** 7 ]Ɋ&  ! 7 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b8399379-9e7c-4321-94a4-b4c717a61610 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c9590580-5b7b-40c0-8e7f-f8d4bdb53662 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ped **7 ]Ɋ& !7 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b8399379-9e7c-4321-94a4-b4c717a61610 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c9590580-5b7b-40c0-8e7f-f8d4bdb53662 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rt**87 ]Ɋ& !X7 F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a66cc75f-a89b-47d1-bfd7-7b34e8bc4c1d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nm8**P7 ]Ɋ& !X7 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a66cc75f-a89b-47d1-bfd7-7b34e8bc4c1d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idP**P7 ]Ɋ& !X7 F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a66cc75f-a89b-47d1-bfd7-7b34e8bc4c1d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tartP**H7 ]Ɋ& !X7 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a66cc75f-a89b-47d1-bfd7-7b34e8bc4c1d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ReH**H7 ]Ɋ& !X7 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a66cc75f-a89b-47d1-bfd7-7b34e8bc4c1d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH**H7 ]Ɋ& !X7 F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a66cc75f-a89b-47d1-bfd7-7b34e8bc4c1d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**7 ]Ɋ& !7 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a66cc75f-a89b-47d1-bfd7-7b34e8bc4c1d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9266be95-1416-458d-9265-657949c674bd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!**7 ]Ɋ& !7 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a66cc75f-a89b-47d1-bfd7-7b34e8bc4c1d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9266be95-1416-458d-9265-657949c674bd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X,=7 ]Ɋ& !X,=7 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5231e8d3-5688-41e8-9109-ad0f9457cb1c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommaX**p,=7 ]Ɋ& !X,=7 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5231e8d3-5688-41e8-9109-ad0f9457cb1c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ect p**h,=7 ]Ɋ& !X,=7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5231e8d3-5688-41e8-9109-ad0f9457cb1c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rth**` ,=7 ]Ɋ& !X,=7  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5231e8d3-5688-41e8-9109-ad0f9457cb1c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on`**`!,=7 ]Ɋ& !X,=7! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5231e8d3-5688-41e8-9109-ad0f9457cb1c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=`**`",=7 ]Ɋ& !X,=7" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5231e8d3-5688-41e8-9109-ad0f9457cb1c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**#,=7 ]Ɋ& !,=7# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5231e8d3-5688-41e8-9109-ad0f9457cb1c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d6e4c628-2ebf-46b6-83ea-6ee3f5570f01 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**$,=7 ]Ɋ& !,=7$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5231e8d3-5688-41e8-9109-ad0f9457cb1c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d6e4c628-2ebf-46b6-83ea-6ee3f5570f01 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f **(%,=7 ]Ɋ& !X,=7% F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=22d7fef6-eb06-41f1-95b8-8490dffd24a8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4(**@&,=7 ]Ɋ& !X,=7& F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=22d7fef6-eb06-41f1-95b8-8490dffd24a8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a@**@',=7 ]Ɋ& !X,=7' F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=22d7fef6-eb06-41f1-95b8-8490dffd24a8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nin@**8(,=7 ]Ɋ& !X,=7( F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=22d7fef6-eb06-41f1-95b8-8490dffd24a8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion8**8),=7 ]Ɋ& !X,=7) F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=22d7fef6-eb06-41f1-95b8-8490dffd24a8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8*,=7 ]Ɋ& !X,=7* F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=22d7fef6-eb06-41f1-95b8-8490dffd24a8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== 8**+,=7 ]Ɋ& !,=7+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=22d7fef6-eb06-41f1-95b8-8490dffd24a8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ff122af8-8608-49f5-847d-ad1b2517b524 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ge**,ջ7 ]Ɋ& !ջ7, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=22d7fef6-eb06-41f1-95b8-8490dffd24a8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ff122af8-8608-49f5-847d-ad1b2517b524 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te';**X-7 ]Ɋ& !X7- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e0288e20-a21d-4505-9cff-2ab14ad05c83 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**p.7 ]Ɋ& !X7. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e0288e20-a21d-4505-9cff-2ab14ad05c83 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=epproductState ]Ɋ& unX7/ F&andName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& XWi%i F&XElfChnk/`/`3 \&Mu=VysMc&&**p /7 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! S!X7/ F&F%g>9{p(xlMD EventDatauoData !BinaryFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e0288e20-a21d-4505-9cff-2ab14ad05c83 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p **h07 ]Ɋ& !X70 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e0288e20-a21d-4505-9cff-2ab14ad05c83 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h17 ]Ɋ& !X71 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e0288e20-a21d-4505-9cff-2ab14ad05c83 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h27 ]Ɋ& !X72 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e0288e20-a21d-4505-9cff-2ab14ad05c83 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tah**37 ]Ɋ&  !73 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e0288e20-a21d-4505-9cff-2ab14ad05c83 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3847cfbd-d5ae-4ed5-a6dd-096e55e6673d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e1**47 ]Ɋ& !74 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e0288e20-a21d-4505-9cff-2ab14ad05c83 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3847cfbd-d5ae-4ed5-a6dd-096e55e6673d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e,De**57 ]Ɋ& '!X75 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a3aa6397-a572-4187-b6e8-3fa07fb51a12 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**67 ]Ɋ& ?!X76 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a3aa6397-a572-4187-b6e8-3fa07fb51a12 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**77 ]Ɋ& ;!X77 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a3aa6397-a572-4187-b6e8-3fa07fb51a12 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=hel**87 ]Ɋ& 3!X78 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a3aa6397-a572-4187-b6e8-3fa07fb51a12 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**97 ]Ɋ& 3!X79 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a3aa6397-a572-4187-b6e8-3fa07fb51a12 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ll **:7 ]Ɋ& 5!X7: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a3aa6397-a572-4187-b6e8-3fa07fb51a12 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0;7 ]Ɋ& !7; F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a3aa6397-a572-4187-b6e8-3fa07fb51a12 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=61897670-dc9c-4062-aa40-9bb14d913252 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng0**@<о7 ]Ɋ& !о7< F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a3aa6397-a572-4187-b6e8-3fa07fb51a12 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=61897670-dc9c-4062-aa40-9bb14d913252 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**=𺚎 ]Ɋ& )!X𺚎= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2a9153f2-9515-4a69-a413-941fef21992e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**>𺚎 ]Ɋ& A!X𺚎> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2a9153f2-9515-4a69-a413-941fef21992e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **?𺚎 ]Ɋ& =!X𺚎? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2a9153f2-9515-4a69-a413-941fef21992e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**@𺚎 ]Ɋ& 5!X𺚎@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2a9153f2-9515-4a69-a413-941fef21992e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl**A𺚎 ]Ɋ& 5!X𺚎A F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2a9153f2-9515-4a69-a413-941fef21992e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **B𺚎 ]Ɋ& 7!X𺚎B F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2a9153f2-9515-4a69-a413-941fef21992e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2**0C2 ]Ɋ& !2C F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2a9153f2-9515-4a69-a413-941fef21992e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fb605be3-86e2-48cc-9ef3-593e452f6c24 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=40**@D! ]Ɋ& !!D F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2a9153f2-9515-4a69-a413-941fef21992e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fb605be3-86e2-48cc-9ef3-593e452f6c24 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ila@**XE! ]Ɋ& !X!E F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fc6c1fc1-7578-4499-a27d-cc26256f3012 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ProX**pF! ]Ɋ& !X!F F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fc6c1fc1-7578-4499-a27d-cc26256f3012 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt p**hG! ]Ɋ& !X!G F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fc6c1fc1-7578-4499-a27d-cc26256f3012 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sh**`H! ]Ɋ& !X!H F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fc6c1fc1-7578-4499-a27d-cc26256f3012 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d`**`I! ]Ɋ& !X!I F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fc6c1fc1-7578-4499-a27d-cc26256f3012 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c`**hJ! ]Ɋ& !X!J F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fc6c1fc1-7578-4499-a27d-cc26256f3012 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hh**K! ]Ɋ&  !!K F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fc6c1fc1-7578-4499-a27d-cc26256f3012 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c36457fa-60eb-4fb4-9065-4155094eea4d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c75f**L_ ]Ɋ& !_L F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fc6c1fc1-7578-4499-a27d-cc26256f3012 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c36457fa-60eb-4fb4-9065-4155094eea4d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fd**8M_ ]Ɋ& !X_M F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bf48f4d9-5720-4e87-852d-9681515ad92b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=si8**PN_ ]Ɋ& !X_N F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bf48f4d9-5720-4e87-852d-9681515ad92b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leP**PO_ ]Ɋ& !X_O F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bf48f4d9-5720-4e87-852d-9681515ad92b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HoP**HP_ ]Ɋ& !X_P F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bf48f4d9-5720-4e87-852d-9681515ad92b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eNumH**HQ_ ]Ɋ& !X_Q F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bf48f4d9-5720-4e87-852d-9681515ad92b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**HR_ ]Ɋ& !X_R F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bf48f4d9-5720-4e87-852d-9681515ad92b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ateH**S_ ]Ɋ& !_S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bf48f4d9-5720-4e87-852d-9681515ad92b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6a8ea131-ade4-428c-913f-9ec019a52125 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ber**T_ ]Ɋ& !_T F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bf48f4d9-5720-4e87-852d-9681515ad92b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6a8ea131-ade4-428c-913f-9ec019a52125 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **XUR ]Ɋ& !XRU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fcdca46e-1e35-4d91-9f91-61112b77054e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rNamX**pVR ]Ɋ& !XRV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fcdca46e-1e35-4d91-9f91-61112b77054e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hWR ]Ɋ& !XRW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fcdca46e-1e35-4d91-9f91-61112b77054e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**`XR ]Ɋ& !XRX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fcdca46e-1e35-4d91-9f91-61112b77054e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=('`**`YR ]Ɋ& !XRY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fcdca46e-1e35-4d91-9f91-61112b77054e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ti`**`ZR ]Ɋ& !XRZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fcdca46e-1e35-4d91-9f91-61112b77054e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4`**[R ]Ɋ& !R[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fcdca46e-1e35-4d91-9f91-61112b77054e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d66389c1-0588-427c-8a6b-9e63e3f55a4e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N**\R ]Ɋ& !R\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fcdca46e-1e35-4d91-9f91-61112b77054e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d66389c1-0588-427c-8a6b-9e63e3f55a4e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lab**(]R ]Ɋ& !XR] F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a4368340-174e-4ec6-9a31-9feee74edfc6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@^R ]Ɋ& !XR^ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a4368340-174e-4ec6-9a31-9feee74edfc6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@_R ]Ɋ& !XR_ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a4368340-174e-4ec6-9a31-9feee74edfc6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ace@**8`R ]Ɋ& !XR` F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a4368340-174e-4ec6-9a31-9feee74edfc6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=es[8nstalldate'] ]Ɋ& etXRa F&imatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=epproductState ]Ɋ& unX7/ F&andName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& XWi%i F&XElfChnkaa$zj5Mu=VysMc&&**8 aR ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !XRa F&F%g>9{p(xlMD EventDatauoData !BinaryhRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a4368340-174e-4ec6-9a31-9feee74edfc6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8 **8bR ]Ɋ& !XRb F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a4368340-174e-4ec6-9a31-9feee74edfc6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=In8**cR ]Ɋ& !Rc F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a4368340-174e-4ec6-9a31-9feee74edfc6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=8d2e8d2a-63d7-434a-8134-beebf72819ca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=WA**d뽚 ]Ɋ& !뽚d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a4368340-174e-4ec6-9a31-9feee74edfc6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=8d2e8d2a-63d7-434a-8134-beebf72819ca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=po**XeM ]Ɋ& !XMe F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8c26d846-34e3-4dfb-a12e-e4c7511c639c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iX**pfM ]Ɋ& !XMf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8c26d846-34e3-4dfb-a12e-e4c7511c639c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ep**pgM ]Ɋ& !XMg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8c26d846-34e3-4dfb-a12e-e4c7511c639c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hp**hhM ]Ɋ& !XMh F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8c26d846-34e3-4dfb-a12e-e4c7511c639c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hh**hiM ]Ɋ& !XMi F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8c26d846-34e3-4dfb-a12e-e4c7511c639c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erNh**hjM ]Ɋ& !XMj F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8c26d846-34e3-4dfb-a12e-e4c7511c639c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dBh**k| ]Ɋ&  !|k F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8c26d846-34e3-4dfb-a12e-e4c7511c639c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7640e9b8-169f-47d5-98b8-5446db64562f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**l| ]Ɋ& !|l F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8c26d846-34e3-4dfb-a12e-e4c7511c639c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7640e9b8-169f-47d5-98b8-5446db64562f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=gine**mHÚ ]Ɋ& '!XHÚm F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4a0977e3-d0ab-4652-9608-2e3145355391 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g**nHÚ ]Ɋ& ?!XHÚn F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4a0977e3-d0ab-4652-9608-2e3145355391 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6**oHÚ ]Ɋ& ;!XHÚo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4a0977e3-d0ab-4652-9608-2e3145355391 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**pHÚ ]Ɋ& 3!XHÚp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4a0977e3-d0ab-4652-9608-2e3145355391 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rsh**qHÚ ]Ɋ& 3!XHÚq F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4a0977e3-d0ab-4652-9608-2e3145355391 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**rHÚ ]Ɋ& 5!XHÚr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4a0977e3-d0ab-4652-9608-2e3145355391 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=re**0sHÚ ]Ɋ& !HÚs F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4a0977e3-d0ab-4652-9608-2e3145355391 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=9a09bcb0-f0d4-48ee-a003-fcc36fdcccef PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@tmÚ ]Ɋ& !mÚt F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4a0977e3-d0ab-4652-9608-2e3145355391 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=9a09bcb0-f0d4-48ee-a003-fcc36fdcccef PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t/Se@**u ]Ɋ& )!Xu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=04479b2a-8096-45e1-afc8-61d9ecb65b99 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=27d-**v ]Ɋ& A!Xv F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=04479b2a-8096-45e1-afc8-61d9ecb65b99 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=C**w ]Ɋ& =!Xw F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=04479b2a-8096-45e1-afc8-61d9ecb65b99 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **x ]Ɋ& 5!Xx F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=04479b2a-8096-45e1-afc8-61d9ecb65b99 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**y ]Ɋ& 5!Xy F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=04479b2a-8096-45e1-afc8-61d9ecb65b99 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!**z ]Ɋ& 7!Xz F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=04479b2a-8096-45e1-afc8-61d9ecb65b99 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=T**0{ ]Ɋ& !{ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=04479b2a-8096-45e1-afc8-61d9ecb65b99 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a6b76a96-ddd1-4418-b542-7a519381a3fc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a0**@|} ]Ɋ& !}| F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=04479b2a-8096-45e1-afc8-61d9ecb65b99 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a6b76a96-ddd1-4418-b542-7a519381a3fc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e |@**X} ]Ɋ& !X} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5de971a3-ff3e-454f-8b31-d5e681e093f7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pdaX**p~ ]Ɋ& !X~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5de971a3-ff3e-454f-8b31-d5e681e093f7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nEnp**h ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5de971a3-ff3e-454f-8b31-d5e681e093f7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=th**` ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5de971a3-ff3e-454f-8b31-d5e681e093f7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**` ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5de971a3-ff3e-454f-8b31-d5e681e093f7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i`**h ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5de971a3-ff3e-454f-8b31-d5e681e093f7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ruh** ]Ɋ&  ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5de971a3-ff3e-454f-8b31-d5e681e093f7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c35b9b87-5b06-446a-b20f-ca7c173c6f45 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Pipe** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5de971a3-ff3e-454f-8b31-d5e681e093f7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c35b9b87-5b06-446a-b20f-ca7c173c6f45 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mm**8 ]Ɋ& !X F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e83e022a-0621-40ad-a9d6-984a552235cb HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=el8**P ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e83e022a-0621-40ad-a9d6-984a552235cb HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=unP**P ]Ɋ& !X F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e83e022a-0621-40ad-a9d6-984a552235cb HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=gineP**H ]Ɋ& !X F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e83e022a-0621-40ad-a9d6-984a552235cb HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h 65H**H ]Ɋ& !X F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e83e022a-0621-40ad-a9d6-984a552235cb HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=StriH**H ]Ɋ& !X F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e83e022a-0621-40ad-a9d6-984a552235cb HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oluH** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e83e022a-0621-40ad-a9d6-984a552235cb HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1215cbfe-bc63-48b4-887d-2740c490b068 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=553**F ]Ɋ& !F F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e83e022a-0621-40ad-a9d6-984a552235cb HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1215cbfe-bc63-48b4-887d-2740c490b068 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**XF ]Ɋ& !XF F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3589bb3e-b8fe-4e5b-af28-158071ef6c64 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=arseX**pF ]Ɋ& !XF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3589bb3e-b8fe-4e5b-af28-158071ef6c64 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hp**hF ]Ɋ& !XF F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3589bb3e-b8fe-4e5b-af28-158071ef6c64 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eqh**`F ]Ɋ& !XF F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3589bb3e-b8fe-4e5b-af28-158071ef6c64 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`F ]Ɋ& !XF F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3589bb3e-b8fe-4e5b-af28-158071ef6c64 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ri`**`F ]Ɋ& !XF F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3589bb3e-b8fe-4e5b-af28-158071ef6c64 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`ElfChnk`χ1Mu=VysMc&&**F ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !F F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3589bb3e-b8fe-4e5b-af28-158071ef6c64 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=820045aa-8d99-419c-b60d-ac7d897995b4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**F ]Ɋ& !F F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3589bb3e-b8fe-4e5b-af28-158071ef6c64 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=820045aa-8d99-419c-b60d-ac7d897995b4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 **(F ]Ɋ& !XF F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a075f43a-6097-4dc7-be6b-96b32c77f411 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@F ]Ɋ& !XF F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a075f43a-6097-4dc7-be6b-96b32c77f411 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@F ]Ɋ& !XF F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a075f43a-6097-4dc7-be6b-96b32c77f411 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= | @**8F ]Ɋ& !XF F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a075f43a-6097-4dc7-be6b-96b32c77f411 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Se8**8F ]Ɋ& !XF F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a075f43a-6097-4dc7-be6b-96b32c77f411 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erS8**8F ]Ɋ& !XF F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a075f43a-6097-4dc7-be6b-96b32c77f411 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H8**F ]Ɋ& !F F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a075f43a-6097-4dc7-be6b-96b32c77f411 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=d94e9630-588c-4901-bb5a-9d6757c2d2d0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=si**s߈ ]Ɋ& !s߈ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a075f43a-6097-4dc7-be6b-96b32c77f411 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=d94e9630-588c-4901-bb5a-9d6757c2d2d0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=obal**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2ecce1e0-d796-45d0-b284-458a55aa4203 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2ecce1e0-d796-45d0-b284-458a55aa4203 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.p**p ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2ecce1e0-d796-45d0-b284-458a55aa4203 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e.pp**h ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2ecce1e0-d796-45d0-b284-458a55aa4203 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n.Ch**h ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2ecce1e0-d796-45d0-b284-458a55aa4203 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=655h**h ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2ecce1e0-d796-45d0-b284-458a55aa4203 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pah** ]Ɋ&  ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2ecce1e0-d796-45d0-b284-458a55aa4203 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1764ba38-d81d-41e6-8595-5ea12d5b07c9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**7 ]Ɋ& !7 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2ecce1e0-d796-45d0-b284-458a55aa4203 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1764ba38-d81d-41e6-8595-5ea12d5b07c9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ider**7 ]Ɋ& '!X7 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d77da5e0-7132-49ac-9ae8-90aa3dac222e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**7 ]Ɋ& ?!X7 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d77da5e0-7132-49ac-9ae8-90aa3dac222e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**7 ]Ɋ& ;!X7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d77da5e0-7132-49ac-9ae8-90aa3dac222e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**7 ]Ɋ& 3!X7 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d77da5e0-7132-49ac-9ae8-90aa3dac222e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ati**7 ]Ɋ& 3!X7 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d77da5e0-7132-49ac-9ae8-90aa3dac222e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**7 ]Ɋ& 5!X7 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d77da5e0-7132-49ac-9ae8-90aa3dac222e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**07 ]Ɋ& !7 F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d77da5e0-7132-49ac-9ae8-90aa3dac222e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=fb9ff7ff-c765-4ecc-953d-ffbf0d0a5aac PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av0**@A ]Ɋ& !A F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d77da5e0-7132-49ac-9ae8-90aa3dac222e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=fb9ff7ff-c765-4ecc-953d-ffbf0d0a5aac PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stri@**eJ ]Ɋ& )!XeJ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=893593c3-2477-4750-8a51-da59bbb53752 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tanc**eJ ]Ɋ& A!XeJ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=893593c3-2477-4750-8a51-da59bbb53752 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e-45**eJ ]Ɋ& =!XeJ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=893593c3-2477-4750-8a51-da59bbb53752 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **eJ ]Ɋ& 5!XeJ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=893593c3-2477-4750-8a51-da59bbb53752 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**eJ ]Ɋ& 5!XeJ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=893593c3-2477-4750-8a51-da59bbb53752 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**eJ ]Ɋ& 7!XeJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=893593c3-2477-4750-8a51-da59bbb53752 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0eJ ]Ɋ& !eJ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=893593c3-2477-4750-8a51-da59bbb53752 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=36404125-c6ee-4c42-b4a4-6ccfdbd94161 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m0**@AfJ ]Ɋ& !AfJ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=893593c3-2477-4750-8a51-da59bbb53752 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=36404125-c6ee-4c42-b4a4-6ccfdbd94161 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= P@**XAfJ ]Ɋ& !XAfJ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f7e9d100-cc60-4dd4-b901-428f1ccf7317 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.0X**pAfJ ]Ɋ& !XAfJ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f7e9d100-cc60-4dd4-b901-428f1ccf7317 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=inep**hAfJ ]Ɋ& !XAfJ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f7e9d100-cc60-4dd4-b901-428f1ccf7317 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Rh**`AfJ ]Ɋ& !XAfJ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f7e9d100-cc60-4dd4-b901-428f1ccf7317 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**`AfJ ]Ɋ& !XAfJ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f7e9d100-cc60-4dd4-b901-428f1ccf7317 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=I`**hAfJ ]Ɋ& !XAfJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f7e9d100-cc60-4dd4-b901-428f1ccf7317 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nameh**AfJ ]Ɋ&  !AfJ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f7e9d100-cc60-4dd4-b901-428f1ccf7317 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6ff93420-5880-4c42-98dd-28a29705d253 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand**AfJ ]Ɋ& !AfJ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f7e9d100-cc60-4dd4-b901-428f1ccf7317 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6ff93420-5880-4c42-98dd-28a29705d253 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**81fJ ]Ɋ& !X1fJ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=41af8140-4a30-4b28-bae5-ff05ff814910 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sc8**P1fJ ]Ɋ& !X1fJ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=41af8140-4a30-4b28-bae5-ff05ff814910 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SP**P1fJ ]Ɋ& !X1fJ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=41af8140-4a30-4b28-bae5-ff05ff814910 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== P**H1fJ ]Ɋ& !X1fJ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=41af8140-4a30-4b28-bae5-ff05ff814910 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eId=H**H1fJ ]Ɋ& !X1fJ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=41af8140-4a30-4b28-bae5-ff05ff814910 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d= H**H1fJ ]Ɋ& !X1fJ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=41af8140-4a30-4b28-bae5-ff05ff814910 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RH**1fJ ]Ɋ& !1fJ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=41af8140-4a30-4b28-bae5-ff05ff814910 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=323c1376-c700-457e-ad79-dd9a6a292cd1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= mmandName=  ]Ɋ& CommandPath= Comm1fJElfChnkHIJ *Mu=VysMc&&**1fJ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !1fJ F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=41af8140-4a30-4b28-bae5-ff05ff814910 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=323c1376-c700-457e-ad79-dd9a6a292cd1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in**X1fJ ]Ɋ& !X1fJ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9f8f469f-3e9e-405f-950f-6c3502afed98 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ComX**p1fJ ]Ɋ& !X1fJ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9f8f469f-3e9e-405f-950f-6c3502afed98 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allep**h1fJ ]Ɋ& !X1fJ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9f8f469f-3e9e-405f-950f-6c3502afed98 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='ih**`1fJ ]Ɋ& !X1fJ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9f8f469f-3e9e-405f-950f-6c3502afed98 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ow`**`1fJ ]Ɋ& !X1fJ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9f8f469f-3e9e-405f-950f-6c3502afed98 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`1fJ ]Ɋ& !X1fJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9f8f469f-3e9e-405f-950f-6c3502afed98 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**1fJ ]Ɋ& !1fJ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9f8f469f-3e9e-405f-950f-6c3502afed98 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=59531b41-6d01-4e7f-a9d0-25027de7fddc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**1fJ ]Ɋ& !1fJ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9f8f469f-3e9e-405f-950f-6c3502afed98 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=59531b41-6d01-4e7f-a9d0-25027de7fddc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **(1fJ ]Ɋ& !X1fJ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=39cc7de7-fa6f-4148-83e1-9b32ddc76144 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2(**@1fJ ]Ɋ& !X1fJ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=39cc7de7-fa6f-4148-83e1-9b32ddc76144 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n@**@1fJ ]Ɋ& !X1fJ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=39cc7de7-fa6f-4148-83e1-9b32ddc76144 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e]:@**8rgJ ]Ɋ& !XrgJ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=39cc7de7-fa6f-4148-83e1-9b32ddc76144 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tal8**8rgJ ]Ɋ& !XrgJ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=39cc7de7-fa6f-4148-83e1-9b32ddc76144 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.08**8rgJ ]Ɋ& !XrgJ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=39cc7de7-fa6f-4148-83e1-9b32ddc76144 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**rgJ ]Ɋ& !rgJ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=39cc7de7-fa6f-4148-83e1-9b32ddc76144 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=2f30268c-ee83-477b-90ba-8e9225fb3f5a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **^ hJ ]Ɋ& !^ hJ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=39cc7de7-fa6f-4148-83e1-9b32ddc76144 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=2f30268c-ee83-477b-90ba-8e9225fb3f5a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=trin**XhJ ]Ɋ& !XhJ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a48868ca-60f6-46b0-9a7c-15098cf2d246 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**phJ ]Ɋ& !XhJ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a48868ca-60f6-46b0-9a7c-15098cf2d246 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**phJ ]Ɋ& !XhJ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a48868ca-60f6-46b0-9a7c-15098cf2d246 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Culp**hhJ ]Ɋ& !XhJ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a48868ca-60f6-46b0-9a7c-15098cf2d246 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Obh**hhJ ]Ɋ& !XhJ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a48868ca-60f6-46b0-9a7c-15098cf2d246 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Pih**hhJ ]Ɋ& !XhJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a48868ca-60f6-46b0-9a7c-15098cf2d246 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ath**hJ ]Ɋ&  !hJ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a48868ca-60f6-46b0-9a7c-15098cf2d246 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a6a1f01b-2c71-46da-bac3-f7608b752437 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=804eaab3-686a-41b3-b110-233cce355952 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ce137084-53b5-4369-b70e-d705ba816d13 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8M ]Ɋ& !XM F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0cb9d805-4161-42aa-8018-78fb8a50e826 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=om8**PM ]Ɋ& !XM F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0cb9d805-4161-42aa-8018-78fb8a50e826 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmP**PM ]Ɋ& !XM F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0cb9d805-4161-42aa-8018-78fb8a50e826 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommaP**HM ]Ɋ& !XM F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0cb9d805-4161-42aa-8018-78fb8a50e826 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iptNH**HM ]Ɋ& !XM F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0cb9d805-4161-42aa-8018-78fb8a50e826 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dTypH**HM ]Ɋ& !XM F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0cb9d805-4161-42aa-8018-78fb8a50e826 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=H**M ]Ɋ& !M F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0cb9d805-4161-42aa-8018-78fb8a50e826 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2a112ac4-0390-4abd-a927-b0c6acd93d02 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **M ]Ɋ& !M F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0cb9d805-4161-42aa-8018-78fb8a50e826 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2a112ac4-0390-4abd-a927-b0c6acd93d02 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **XN ]Ɋ& !XN F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=17ef4c4b-1fd2-4691-ac88-0cf578f2e4b2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tCulX**pN ]Ɋ& !XN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=17ef4c4b-1fd2-4691-ac88-0cf578f2e4b2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=={ [p**hN ]Ɋ& !XN F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=17ef4c4b-1fd2-4691-ac88-0cf578f2e4b2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3eh**`N ]Ɋ& !XN F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=17ef4c4b-1fd2-4691-ac88-0cf578f2e4b2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rS`**`N ]Ɋ& !XN F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=17ef4c4b-1fd2-4691-ac88-0cf578f2e4b2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`N ]Ɋ& !XN F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=17ef4c4b-1fd2-4691-ac88-0cf578f2e4b2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**N ]Ɋ& !N F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=17ef4c4b-1fd2-4691-ac88-0cf578f2e4b2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bf95c722-24b5-4243-b71b-794ed6bc8b57 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-**N ]Ɋ& !N F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=17ef4c4b-1fd2-4691-ac88-0cf578f2e4b2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bf95c722-24b5-4243-b71b-794ed6bc8b57 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ure**(N ]Ɋ& !XN F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a7e86bc7-ab53-4fc0-98af-74f4a25f54c7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v(**@N ]Ɋ& !XN F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a7e86bc7-ab53-4fc0-98af-74f4a25f54c7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=K@**@N ]Ɋ& !XN F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a7e86bc7-ab53-4fc0-98af-74f4a25f54c7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id=@**8N ]Ɋ& !XN F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a7e86bc7-ab53-4fc0-98af-74f4a25f54c7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F8**8 N ]Ɋ& !XN  F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a7e86bc7-ab53-4fc0-98af-74f4a25f54c7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam8**8 N ]Ɋ& !XN  F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a7e86bc7-ab53-4fc0-98af-74f4a25f54c7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Gl8** N ]Ɋ& !N  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a7e86bc7-ab53-4fc0-98af-74f4a25f54c7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b5bb9c06-08c7-4102-b2ca-a956033220ec PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er** NO ]Ɋ& !NO  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a7e86bc7-ab53-4fc0-98af-74f4a25f54c7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b5bb9c06-08c7-4102-b2ca-a956033220ec PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tall**X Q ]Ɋ& !X Q  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1f2f2567-0648-4d61-bb77-acdb3c379133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\X**p Q ]Ɋ& !X Q F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1f2f2567-0648-4d61-bb77-acdb3c379133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\p**p Q ]Ɋ& !X Q F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1f2f2567-0648-4d61-bb77-acdb3c379133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=help**h Q ]Ɋ& !X Q F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1f2f2567-0648-4d61-bb77-acdb3c379133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ct h**h Q ]Ɋ& !X Q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1f2f2567-0648-4d61-bb77-acdb3c379133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n';h**h Q ]Ɋ& !X Q F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1f2f2567-0648-4d61-bb77-acdb3c379133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=([h** Q ]Ɋ&  ! Q F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1f2f2567-0648-4d61-bb77-acdb3c379133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3c4f3848-2104-4692-a988-5445f664e550 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ta**IR ]Ɋ& !IR F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1f2f2567-0648-4d61-bb77-acdb3c379133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3c4f3848-2104-4692-a988-5445f664e550 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omma**9R ]Ɋ& '!X9R F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=52ff49b1-d474-4b71-8c18-0770358f114e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=C**9R ]Ɋ& ?!X9R F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=52ff49b1-d474-4b71-8c18-0770358f114e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5**9R ]Ɋ& ;!X9R F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=52ff49b1-d474-4b71-8c18-0770358f114e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt **9R ]Ɋ& 3!X9R F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=52ff49b1-d474-4b71-8c18-0770358f114e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=**9R ]Ɋ& 3!X9R F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=52ff49b1-d474-4b71-8c18-0770358f114e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ovi**9R ]Ɋ& 5!X9R F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=52ff49b1-d474-4b71-8c18-0770358f114e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **09R ]Ɋ& !9R F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=52ff49b1-d474-4b71-8c18-0770358f114e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=8f95c6e2-2d35-4d57-a4e4-e2e2d2daba1d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av0**@zS ]Ɋ& !zS F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=52ff49b1-d474-4b71-8c18-0770358f114e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=8f95c6e2-2d35-4d57-a4e4-e2e2d2daba1d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g -w@**=$, ]Ɋ& )!X=$, F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=721ac5a7-7ee3-415f-836c-9ac4a5f588b3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nter**=$, ]Ɋ& A!X=$, F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=721ac5a7-7ee3-415f-836c-9ac4a5f588b3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lica**=$, ]Ɋ& =!X=$, F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=721ac5a7-7ee3-415f-836c-9ac4a5f588b3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0** =$, ]Ɋ& 5!X=$,  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=721ac5a7-7ee3-415f-836c-9ac4a5f588b3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed**!=$, ]Ɋ& 5!X=$,! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=721ac5a7-7ee3-415f-836c-9ac4a5f588b3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Va**"=$, ]Ɋ& 7!X=$," F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=721ac5a7-7ee3-415f-836c-9ac4a5f588b3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0#=$, ]Ɋ& !=$,# F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=721ac5a7-7ee3-415f-836c-9ac4a5f588b3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a61a4d90-42d9-4d3a-8239-a8a79f611c14 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@$Ӽ, ]Ɋ& !Ӽ,$ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=721ac5a7-7ee3-415f-836c-9ac4a5f588b3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a61a4d90-42d9-4d3a-8239-a8a79f611c14 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5ba@6d13 Pipel ]Ɋ& meXjU-% F&e=ElfChnk%T%THezMu=VysMc&&**X%jU- ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! ;!XjU-% F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5dc773c5-671b-4d91-987b-a4a2e2d9f095 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p&jU- ]Ɋ& !XjU-& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5dc773c5-671b-4d91-987b-a4a2e2d9f095 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmap**h'jU- ]Ɋ& !XjU-' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5dc773c5-671b-4d91-987b-a4a2e2d9f095 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oh**`(jU- ]Ɋ& !XjU-( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5dc773c5-671b-4d91-987b-a4a2e2d9f095 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**`)jU- ]Ɋ& !XjU-) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5dc773c5-671b-4d91-987b-a4a2e2d9f095 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h*jU- ]Ɋ& !XjU-* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5dc773c5-671b-4d91-987b-a4a2e2d9f095 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&h**+jU- ]Ɋ&  !jU-+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5dc773c5-671b-4d91-987b-a4a2e2d9f095 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6249ddb0-fac9-42b0-b440-ce0bd8c050e5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=M**,jU- ]Ɋ& !jU-, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5dc773c5-671b-4d91-987b-a4a2e2d9f095 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6249ddb0-fac9-42b0-b440-ce0bd8c050e5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8-- ]Ɋ& !X-- F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1f21eff3-634e-4f72-9680-764f5caf1511 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P.- ]Ɋ& !X-. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1f21eff3-634e-4f72-9680-764f5caf1511 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P/- ]Ɋ& !X-/ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1f21eff3-634e-4f72-9680-764f5caf1511 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**H0- ]Ɋ& !X-0 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1f21eff3-634e-4f72-9680-764f5caf1511 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H1- ]Ɋ& !X-1 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1f21eff3-634e-4f72-9680-764f5caf1511 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=H**H2- ]Ɋ& !X-2 F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1f21eff3-634e-4f72-9680-764f5caf1511 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoH**3- ]Ɋ& !-3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1f21eff3-634e-4f72-9680-764f5caf1511 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=615da138-d952-411a-8682-385d602acce0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N**4- ]Ɋ& !-4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1f21eff3-634e-4f72-9680-764f5caf1511 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=615da138-d952-411a-8682-385d602acce0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X5. ]Ɋ& !X.5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ca941a97-d42d-4294-a920-d6af9efda50a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**p6. ]Ɋ& !X.6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ca941a97-d42d-4294-a920-d6af9efda50a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lectp**h7. ]Ɋ& !X.7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ca941a97-d42d-4294-a920-d6af9efda50a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=']h**`8. ]Ɋ& !X.8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ca941a97-d42d-4294-a920-d6af9efda50a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-`**`9. ]Ɋ& !X.9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ca941a97-d42d-4294-a920-d6af9efda50a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C`**`:. ]Ɋ& !X.: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ca941a97-d42d-4294-a920-d6af9efda50a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**;. ]Ɋ& !.; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ca941a97-d42d-4294-a920-d6af9efda50a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=56646a20-77db-4e39-9256-3d6f55dce0a2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**<. ]Ɋ& !.< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ca941a97-d42d-4294-a920-d6af9efda50a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=56646a20-77db-4e39-9256-3d6f55dce0a2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=**(=-/ ]Ɋ& !X-/= F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a214aa25-d88f-4835-830c-7badcf334f92 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n(**@>-/ ]Ɋ& !X-/> F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a214aa25-d88f-4835-830c-7badcf334f92 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b@**@?-/ ]Ɋ& !X-/? F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a214aa25-d88f-4835-830c-7badcf334f92 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.ps@**8@-/ ]Ɋ& !X-/@ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a214aa25-d88f-4835-830c-7badcf334f92 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=M:\8**8A-/ ]Ɋ& !X-/A F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a214aa25-d88f-4835-830c-7badcf334f92 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==1f8**8B-/ ]Ɋ& !X-/B F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a214aa25-d88f-4835-830c-7badcf334f92 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=F8**C-/ ]Ɋ& !-/C F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a214aa25-d88f-4835-830c-7badcf334f92 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=8f30764d-3a8b-44e3-b7fb-fedb54b2dce9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=at**Dķ/ ]Ɋ& !ķ/D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a214aa25-d88f-4835-830c-7badcf334f92 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=8f30764d-3a8b-44e3-b7fb-fedb54b2dce9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 655**XE0 ]Ɋ& !X0E F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=97af5cf6-7b54-4738-aee3-9111ea342f32 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-X**pF0 ]Ɋ& !X0F F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=97af5cf6-7b54-4738-aee3-9111ea342f32 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dp**pG0 ]Ɋ& !X0G F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=97af5cf6-7b54-4738-aee3-9111ea342f32 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='enp**hH0 ]Ɋ& !X0H F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=97af5cf6-7b54-4738-aee3-9111ea342f32 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allh**hI0 ]Ɋ& !X0I F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=97af5cf6-7b54-4738-aee3-9111ea342f32 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**hJ0 ]Ɋ& !X0J F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=97af5cf6-7b54-4738-aee3-9111ea342f32 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndh**K0 ]Ɋ&  !0K F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=97af5cf6-7b54-4738-aee3-9111ea342f32 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=45ebdb47-6cee-4432-bf2b-2f27254728a1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**L2 ]Ɋ& !2L F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=97af5cf6-7b54-4738-aee3-9111ea342f32 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=45ebdb47-6cee-4432-bf2b-2f27254728a1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ost **M2 ]Ɋ& '!X2M F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ce8839bd-141c-479b-9d92-fa817a1d4581 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**N2 ]Ɋ& ?!X2N F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ce8839bd-141c-479b-9d92-fa817a1d4581 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**O2 ]Ɋ& ;!X2O F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ce8839bd-141c-479b-9d92-fa817a1d4581 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam**P2 ]Ɋ& 3!X2P F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ce8839bd-141c-479b-9d92-fa817a1d4581 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ngi**Q2 ]Ɋ& 3!X2Q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ce8839bd-141c-479b-9d92-fa817a1d4581 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fun**R2 ]Ɋ& 5!X2R F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ce8839bd-141c-479b-9d92-fa817a1d4581 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=**0S2 ]Ɋ& !2S F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ce8839bd-141c-479b-9d92-fa817a1d4581 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=22461292-a3b5-40a0-bcdc-88dc4c59304a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3 0**@T2 ]Ɋ& !2T F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ce8839bd-141c-479b-9d92-fa817a1d4581 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=22461292-a3b5-40a0-bcdc-88dc4c59304a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4 @pelineId=  ]Ɋ& maX\U F&6d13 Pipel ]Ɋ& meXjU-% F&e=ElfChnkUUhPN3q9^uMu=VysMc&&**U\ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X\U F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ad621d83-087c-4076-b5cc-03f0270fd00b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**V\ ]Ɋ& A!X\V F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ad621d83-087c-4076-b5cc-03f0270fd00b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 655**W\ ]Ɋ& =!X\W F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ad621d83-087c-4076-b5cc-03f0270fd00b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iv**X\ ]Ɋ& 5!X\X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ad621d83-087c-4076-b5cc-03f0270fd00b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l **Y\ ]Ɋ& 5!X\Y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ad621d83-087c-4076-b5cc-03f0270fd00b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5d**Z\ ]Ɋ& 7!X\Z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ad621d83-087c-4076-b5cc-03f0270fd00b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c**0[\ ]Ɋ& !\[ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ad621d83-087c-4076-b5cc-03f0270fd00b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=25b17776-d6f5-4898-bcbf-e2a2e1c01b09 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u0**@\\ ]Ɋ& !\\ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ad621d83-087c-4076-b5cc-03f0270fd00b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=25b17776-d6f5-4898-bcbf-e2a2e1c01b09 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F@**X]%\ ]Ɋ& !X%\] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c9f0e9a8-0fe5-42c8-a14c-31b3076dd519 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p^%\ ]Ɋ& !X%\^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c9f0e9a8-0fe5-42c8-a14c-31b3076dd519 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!p**h_%\ ]Ɋ& !X%\_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c9f0e9a8-0fe5-42c8-a14c-31b3076dd519 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**``%\ ]Ɋ& !X%\` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c9f0e9a8-0fe5-42c8-a14c-31b3076dd519 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`a%\ ]Ɋ& !X%\a F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c9f0e9a8-0fe5-42c8-a14c-31b3076dd519 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hb%\ ]Ɋ& !X%\b F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c9f0e9a8-0fe5-42c8-a14c-31b3076dd519 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tarth**c%\ ]Ɋ&  !%\c F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c9f0e9a8-0fe5-42c8-a14c-31b3076dd519 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3cce4c17-856f-41cf-9026-14853245743a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **d%\ ]Ɋ& !%\d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c9f0e9a8-0fe5-42c8-a14c-31b3076dd519 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3cce4c17-856f-41cf-9026-14853245743a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mb**8e%\ ]Ɋ& !X%\e F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b6baaf12-36b8-498b-97d2-4419bda90c43 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ne8**Pf%\ ]Ɋ& !X%\f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b6baaf12-36b8-498b-97d2-4419bda90c43 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=P**Pg%\ ]Ɋ& !X%\g F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b6baaf12-36b8-498b-97d2-4419bda90c43 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rtedP**Hh%\ ]Ɋ& !X%\h F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b6baaf12-36b8-498b-97d2-4419bda90c43 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=FuH**Hi%\ ]Ɋ& !X%\i F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b6baaf12-36b8-498b-97d2-4419bda90c43 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH**Hj%\ ]Ɋ& !X%\j F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b6baaf12-36b8-498b-97d2-4419bda90c43 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**k%\ ]Ɋ& !%\k F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b6baaf12-36b8-498b-97d2-4419bda90c43 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5e53e9b4-7cf8-453c-b210-124a2c124346 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ila**l\ ]Ɋ& !\l F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b6baaf12-36b8-498b-97d2-4419bda90c43 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5e53e9b4-7cf8-453c-b210-124a2c124346 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Xm\ ]Ɋ& !X\m F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=67721527-6c84-4814-852c-99b51acf12b8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pn\ ]Ɋ& !X\n F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=67721527-6c84-4814-852c-99b51acf12b8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pe= p**ho\ ]Ɋ& !X\o F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=67721527-6c84-4814-852c-99b51acf12b8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sth**`p\ ]Ɋ& !X\p F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=67721527-6c84-4814-852c-99b51acf12b8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rt`**`q\ ]Ɋ& !X\q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=67721527-6c84-4814-852c-99b51acf12b8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on`**`r\ ]Ɋ& !X\r F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=67721527-6c84-4814-852c-99b51acf12b8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**s\ ]Ɋ& !\s F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=67721527-6c84-4814-852c-99b51acf12b8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=50c1478f-ac8a-4280-b431-60bea8901268 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **t\ ]Ɋ& !\t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=67721527-6c84-4814-852c-99b51acf12b8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=50c1478f-ac8a-4280-b431-60bea8901268 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(u\ ]Ɋ& !X\u F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a50bfb13-aee1-4866-a536-10f8901b3fa5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@v\ ]Ɋ& !X\v F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a50bfb13-aee1-4866-a536-10f8901b3fa5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@w\ ]Ɋ& !X\w F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a50bfb13-aee1-4866-a536-10f8901b3fa5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o('@**8x\ ]Ɋ& !X\x F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a50bfb13-aee1-4866-a536-10f8901b3fa5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayV8**8y\ ]Ɋ& !X\y F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a50bfb13-aee1-4866-a536-10f8901b3fa5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=M:\8**8z\ ]Ɋ& !X\z F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a50bfb13-aee1-4866-a536-10f8901b3fa5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um8**{\ ]Ɋ& !\{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a50bfb13-aee1-4866-a536-10f8901b3fa5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=8980480d-dff2-442a-8e61-d31da8557adc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**|\ ]Ɋ& !\| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a50bfb13-aee1-4866-a536-10f8901b3fa5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=8980480d-dff2-442a-8e61-d31da8557adc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me= **X}\ ]Ɋ& !X\} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1a35886e-255e-4b31-9c98-8782b4391dcb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rX**p~\ ]Ɋ& !X\~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1a35886e-255e-4b31-9c98-8782b4391dcb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==p**p\ ]Ɋ& !X\ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1a35886e-255e-4b31-9c98-8782b4391dcb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b47p**h\ ]Ɋ& !X\ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1a35886e-255e-4b31-9c98-8782b4391dcb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= h**h\ ]Ɋ& !X\ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1a35886e-255e-4b31-9c98-8782b4391dcb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h\ ]Ɋ& !X\ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1a35886e-255e-4b31-9c98-8782b4391dcb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ph**\ ]Ɋ&  !\ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1a35886e-255e-4b31-9c98-8782b4391dcb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b474f69e-05a4-430e-ada3-034d8e75e92a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **\ ]Ɋ& !\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1a35886e-255e-4b31-9c98-8782b4391dcb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b474f69e-05a4-430e-ada3-034d8e75e92a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=hell**\ ]Ɋ& '!X\ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b402b398-890b-4de1-bfa3-9481d88e5b81 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**\ ]Ɋ& ?!X\ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b402b398-890b-4de1-bfa3-9481d88e5b81 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-9b-9d92-fa81 ]Ɋ& reX\ F&ame . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=22461292-a3b5-40a0-bcdc-88dc4c59304a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4 @pelineId=  ]Ɋ& maX\U F&6d13 Pipel ]Ɋ& meXjU-% F&e=ElfChnk@W%Mu=VysMc&&** \ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X\ F&F%g>9{p(xlMD EventDatauoData !BinaryFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b402b398-890b-4de1-bfa3-9481d88e5b81 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **\ ]Ɋ& 3!X\ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b402b398-890b-4de1-bfa3-9481d88e5b81 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**\ ]Ɋ& 3!X\ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b402b398-890b-4de1-bfa3-9481d88e5b81 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=027**\ ]Ɋ& 5!X\ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b402b398-890b-4de1-bfa3-9481d88e5b81 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0\ ]Ɋ& !\ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b402b398-890b-4de1-bfa3-9481d88e5b81 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=36f65a9e-d2eb-44fc-9dd6-35f2f88febd8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@ݷ\ ]Ɋ& !ݷ\ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b402b398-890b-4de1-bfa3-9481d88e5b81 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=36f65a9e-d2eb-44fc-9dd6-35f2f88febd8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Com@**g ]Ɋ& )!Xg F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=23e27a85-1ca1-44b3-acc2-026773117892 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **g ]Ɋ& A!Xg F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=23e27a85-1ca1-44b3-acc2-026773117892 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tSta**g ]Ɋ& =!Xg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=23e27a85-1ca1-44b3-acc2-026773117892 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt**g ]Ɋ& 5!Xg F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=23e27a85-1ca1-44b3-acc2-026773117892 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**g ]Ɋ& 5!Xg F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=23e27a85-1ca1-44b3-acc2-026773117892 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ve**g ]Ɋ& 7!Xg F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=23e27a85-1ca1-44b3-acc2-026773117892 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g**0g ]Ɋ& !g F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=23e27a85-1ca1-44b3-acc2-026773117892 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=eb7258c1-2338-4f73-80fc-ac8567fc1f9e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@3 ]Ɋ& !3 F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=23e27a85-1ca1-44b3-acc2-026773117892 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=eb7258c1-2338-4f73-80fc-ac8567fc1f9e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&@**X̲ ]Ɋ& !X̲ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5286ac2c-5d83-47df-8697-925cf0f89599 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p̲ ]Ɋ& !X̲ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5286ac2c-5d83-47df-8697-925cf0f89599 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h̲ ]Ɋ& !X̲ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5286ac2c-5d83-47df-8697-925cf0f89599 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`̲ ]Ɋ& !X̲ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5286ac2c-5d83-47df-8697-925cf0f89599 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`̲ ]Ɋ& !X̲ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5286ac2c-5d83-47df-8697-925cf0f89599 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h̲ ]Ɋ& !X̲ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5286ac2c-5d83-47df-8697-925cf0f89599 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ailah**̲ ]Ɋ&  !̲ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5286ac2c-5d83-47df-8697-925cf0f89599 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6cc3cae0-5ae1-4486-b918-8919a7026220 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= New**̲ ]Ɋ& !̲ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5286ac2c-5d83-47df-8697-925cf0f89599 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6cc3cae0-5ae1-4486-b918-8919a7026220 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ne**8̲ ]Ɋ& !X̲ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=89d616e4-79a8-4919-a367-2fb376d7227c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= P8**P̲ ]Ɋ& !X̲ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=89d616e4-79a8-4919-a367-2fb376d7227c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=SyP**P̲ ]Ɋ& !X̲ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=89d616e4-79a8-4919-a367-2fb376d7227c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&P**H̲ ]Ɋ& !X̲ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=89d616e4-79a8-4919-a367-2fb376d7227c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=qH**H̲ ]Ɋ& !X̲ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=89d616e4-79a8-4919-a367-2fb376d7227c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=XH**H̲ ]Ɋ& !X̲ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=89d616e4-79a8-4919-a367-2fb376d7227c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**̲ ]Ɋ& !̲ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=89d616e4-79a8-4919-a367-2fb376d7227c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=29359d05-949d-4e47-95cd-4d8740114ff8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**+e ]Ɋ& !+e F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=89d616e4-79a8-4919-a367-2fb376d7227c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=29359d05-949d-4e47-95cd-4d8740114ff8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X+e ]Ɋ& !X+e F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cfee2f59-a3aa-4212-aefd-44149a457d9f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**p+e ]Ɋ& !X+e F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cfee2f59-a3aa-4212-aefd-44149a457d9f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-US'p**h+e ]Ɋ& !X+e F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cfee2f59-a3aa-4212-aefd-44149a457d9f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=arh**`+e ]Ɋ& !X+e F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cfee2f59-a3aa-4212-aefd-44149a457d9f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3f`**`+e ]Ɋ& !X+e F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cfee2f59-a3aa-4212-aefd-44149a457d9f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed`**`+e ]Ɋ& !X+e F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cfee2f59-a3aa-4212-aefd-44149a457d9f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**+e ]Ɋ& !+e F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cfee2f59-a3aa-4212-aefd-44149a457d9f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d06d0716-1aa4-4585-8aac-afccd2c54078 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**+e ]Ɋ& !+e F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cfee2f59-a3aa-4212-aefd-44149a457d9f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d06d0716-1aa4-4585-8aac-afccd2c54078 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=42a**( ]Ɋ& !X F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9c9b25d6-7776-4f43-99a5-97e70cf6f6b6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@ ]Ɋ& !X F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9c9b25d6-7776-4f43-99a5-97e70cf6f6b6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='@**@ ]Ɋ& !X F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9c9b25d6-7776-4f43-99a5-97e70cf6f6b6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ows@**8 ]Ɋ& !X F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9c9b25d6-7776-4f43-99a5-97e70cf6f6b6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nso8**8 ]Ɋ& !X F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9c9b25d6-7776-4f43-99a5-97e70cf6f6b6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8 ]Ɋ& !X F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9c9b25d6-7776-4f43-99a5-97e70cf6f6b6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pa8** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9c9b25d6-7776-4f43-99a5-97e70cf6f6b6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b7c1fc5d-59a2-473c-ae70-d75efbd819ed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=at**X ]Ɋ& !X F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9c9b25d6-7776-4f43-99a5-97e70cf6f6b6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b7c1fc5d-59a2-473c-ae70-d75efbd819ed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sher**Xǵ ]Ɋ& !Xǵ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f615f860-1ecb-4eed-9da7-19469d639e87 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pǵ ]Ɋ& !Xǵ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f615f860-1ecb-4eed-9da7-19469d639e87 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=np**pǵ ]Ɋ& !Xǵ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f615f860-1ecb-4eed-9da7-19469d639e87 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Insp**hǵ ]Ɋ& !Xǵ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f615f860-1ecb-4eed-9da7-19469d639e87 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=edoh**hǵ ]Ɋ& !Xǵ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f615f860-1ecb-4eed-9da7-19469d639e87 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= hɊ& ]Ɋ& Xǵ F&]Ɋ& meXjU-% F&e=ElfChnkH>;Mu=VysMc&&**p ǵ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! M!Xǵ F&F%g>9{p(xlMD EventDatauoData !BinaryVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f615f860-1ecb-4eed-9da7-19469d639e87 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Xp **ǵ ]Ɋ&  !ǵ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f615f860-1ecb-4eed-9da7-19469d639e87 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=62ee7041-cf23-420f-84ec-3b1b2ccb179d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nc**` ]Ɋ& !` F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f615f860-1ecb-4eed-9da7-19469d639e87 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=62ee7041-cf23-420f-84ec-3b1b2ccb179d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=atio**` ]Ɋ& '!X` F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a1538b78-e690-4413-aba8-ebca4174ac4d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=A**` ]Ɋ& ?!X` F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a1538b78-e690-4413-aba8-ebca4174ac4d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4**` ]Ɋ& ;!X` F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a1538b78-e690-4413-aba8-ebca4174ac4d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ost**` ]Ɋ& 3!X` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a1538b78-e690-4413-aba8-ebca4174ac4d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam**` ]Ɋ& 3!X` F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a1538b78-e690-4413-aba8-ebca4174ac4d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t **` ]Ɋ& 5!X` F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a1538b78-e690-4413-aba8-ebca4174ac4d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma**0` ]Ɋ& !` F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a1538b78-e690-4413-aba8-ebca4174ac4d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=ee1f746f-b18d-4912-bed9-19877253dbca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=670**@H ]Ɋ& !H F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a1538b78-e690-4413-aba8-ebca4174ac4d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=ee1f746f-b18d-4912-bed9-19877253dbca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand@**y# ]Ɋ& )!Xy# F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7548cf53-224b-4ef9-a9ab-44e6c7599573 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co**y# ]Ɋ& A!Xy# F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7548cf53-224b-4ef9-a9ab-44e6c7599573 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=trin**y# ]Ɋ& =!Xy# F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7548cf53-224b-4ef9-a9ab-44e6c7599573 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=la**y# ]Ɋ& 5!Xy# F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7548cf53-224b-4ef9-a9ab-44e6c7599573 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**y# ]Ɋ& 5!Xy# F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7548cf53-224b-4ef9-a9ab-44e6c7599573 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**y# ]Ɋ& 7!Xy# F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7548cf53-224b-4ef9-a9ab-44e6c7599573 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**09# ]Ɋ& !9# F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7548cf53-224b-4ef9-a9ab-44e6c7599573 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=380b7ede-b36a-4ecf-b8a4-2831a340b3b1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b0**@Ъ# ]Ɋ& !Ъ# F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7548cf53-224b-4ef9-a9ab-44e6c7599573 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=380b7ede-b36a-4ecf-b8a4-2831a340b3b1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**XЪ# ]Ɋ& !XЪ# F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=66ee3fc8-3873-4a8b-a164-83234dc32073 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pЪ# ]Ɋ& !XЪ# F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=66ee3fc8-3873-4a8b-a164-83234dc32073 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hЪ# ]Ɋ& !XЪ# F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=66ee3fc8-3873-4a8b-a164-83234dc32073 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`Ъ# ]Ɋ& !XЪ# F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=66ee3fc8-3873-4a8b-a164-83234dc32073 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`Ъ# ]Ɋ& !XЪ# F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=66ee3fc8-3873-4a8b-a164-83234dc32073 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hЪ# ]Ɋ& !XЪ# F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=66ee3fc8-3873-4a8b-a164-83234dc32073 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Vah**fC# ]Ɋ&  !fC# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=66ee3fc8-3873-4a8b-a164-83234dc32073 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e5c40784-8394-4386-b4cf-3e04a62e2492 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ineS**fC# ]Ɋ& !fC# F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=66ee3fc8-3873-4a8b-a164-83234dc32073 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e5c40784-8394-4386-b4cf-3e04a62e2492 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **8fC# ]Ɋ& !XfC# F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9e641a09-880f-4c17-9811-9f7711a44457 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=am8**PfC# ]Ɋ& !XfC# F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9e641a09-880f-4c17-9811-9f7711a44457 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= PP**PfC# ]Ɋ& !XfC# F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9e641a09-880f-4c17-9811-9f7711a44457 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leSyP**HfC# ]Ɋ& !XfC# F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9e641a09-880f-4c17-9811-9f7711a44457 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH**HfC# ]Ɋ& !XfC# F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9e641a09-880f-4c17-9811-9f7711a44457 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HfC# ]Ɋ& !XfC# F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9e641a09-880f-4c17-9811-9f7711a44457 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!H**fC# ]Ɋ& !fC# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9e641a09-880f-4c17-9811-9f7711a44457 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9502bd2e-9c71-425c-b128-e145b0b0377d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**fC# ]Ɋ& !fC# F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9e641a09-880f-4c17-9811-9f7711a44457 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9502bd2e-9c71-425c-b128-e145b0b0377d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X۩# ]Ɋ& !X۩# F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=632f751b-3ace-4c8d-92e1-1914e5aa661c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p۩# ]Ɋ& !X۩# F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=632f751b-3ace-4c8d-92e1-1914e5aa661c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Cp**h۩# ]Ɋ& !X۩# F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=632f751b-3ace-4c8d-92e1-1914e5aa661c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rth**`۩# ]Ɋ& !X۩# F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=632f751b-3ace-4c8d-92e1-1914e5aa661c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ps`**`۩# ]Ɋ& !X۩# F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=632f751b-3ace-4c8d-92e1-1914e5aa661c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=os`**`۩# ]Ɋ& !X۩# F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=632f751b-3ace-4c8d-92e1-1914e5aa661c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=q`**۩# ]Ɋ& !۩# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=632f751b-3ace-4c8d-92e1-1914e5aa661c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=79cfaebb-609c-44cb-875c-cbd9e534faee PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b**۩# ]Ɋ& !۩# F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=632f751b-3ace-4c8d-92e1-1914e5aa661c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=79cfaebb-609c-44cb-875c-cbd9e534faee PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(t# ]Ɋ& !Xt# F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4cac96a9-8be2-4637-a651-f2651a717b1d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@t# ]Ɋ& !Xt# F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4cac96a9-8be2-4637-a651-f2651a717b1d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S@**@t# ]Ɋ& !Xt# F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4cac96a9-8be2-4637-a651-f2651a717b1d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=etC@**8t# ]Ɋ& !Xt# F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4cac96a9-8be2-4637-a651-f2651a717b1d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yNa8**8t# ]Ɋ& !Xt# F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4cac96a9-8be2-4637-a651-f2651a717b1d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n-U8**8t# ]Ɋ& !Xt# F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4cac96a9-8be2-4637-a651-f2651a717b1d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**t# ]Ɋ& !t# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4cac96a9-8be2-4637-a651-f2651a717b1d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=34e81e50-0148-4ddb-9233-81c820e83c34 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=*** # ]Ɋ& !* # F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4cac96a9-8be2-4637-a651-f2651a717b1d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=34e81e50-0148-4ddb-9233-81c820e83c34 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== riptName=  ]Ɋ& XW># F&Xǵ F&]Ɋ& meXjU-% F&e=ElfChnkHMu=VysMc&&**` W># ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! ?!XW># F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3005a297-4d17-4a7b-8e39-4fca19bfd0b7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ne` **pW># ]Ɋ& !XW># F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3005a297-4d17-4a7b-8e39-4fca19bfd0b7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rp**pW># ]Ɋ& !XW># F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3005a297-4d17-4a7b-8e39-4fca19bfd0b7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pelp**hW># ]Ɋ& !XW># F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3005a297-4d17-4a7b-8e39-4fca19bfd0b7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmah**hW># ]Ɋ& !XW># F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3005a297-4d17-4a7b-8e39-4fca19bfd0b7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hW># ]Ɋ& !XW># F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3005a297-4d17-4a7b-8e39-4fca19bfd0b7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**W># ]Ɋ&  !W># F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3005a297-4d17-4a7b-8e39-4fca19bfd0b7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=be553011-b582-4447-aa05-6b54bf9611b1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**֬# ]Ɋ& !֬# F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3005a297-4d17-4a7b-8e39-4fca19bfd0b7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=be553011-b582-4447-aa05-6b54bf9611b1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Comp**֬# ]Ɋ& '!X֬# F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ecd23c24-fcf8-40b9-986b-99df10223d7e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**֬# ]Ɋ& ?!X֬# F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ecd23c24-fcf8-40b9-986b-99df10223d7e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**֬# ]Ɋ& ;!X֬# F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ecd23c24-fcf8-40b9-986b-99df10223d7e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9-a**֬# ]Ɋ& 3!X֬# F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ecd23c24-fcf8-40b9-986b-99df10223d7e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**֬# ]Ɋ& 3!X֬# F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ecd23c24-fcf8-40b9-986b-99df10223d7e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a9a**֬# ]Ɋ& 5!X֬# F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ecd23c24-fcf8-40b9-986b-99df10223d7e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&**0o# ]Ɋ& !o# F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ecd23c24-fcf8-40b9-986b-99df10223d7e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=94812466-bba8-4729-9f2c-a2c01ce976b8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ir0**@# ]Ɋ& !# F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ecd23c24-fcf8-40b9-986b-99df10223d7e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=94812466-bba8-4729-9f2c-a2c01ce976b8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**! ]Ɋ& )!X! F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dfc30b08-8e06-49ae-830b-ec8317c993f5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mman**! ]Ɋ& A!X! F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dfc30b08-8e06-49ae-830b-ec8317c993f5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **! ]Ɋ& =!X! F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dfc30b08-8e06-49ae-830b-ec8317c993f5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uc**! ]Ɋ& 5!X! F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dfc30b08-8e06-49ae-830b-ec8317c993f5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cu**! ]Ɋ& 5!X! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dfc30b08-8e06-49ae-830b-ec8317c993f5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **! ]Ɋ& 7!X! F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dfc30b08-8e06-49ae-830b-ec8317c993f5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **0h]! ]Ɋ& !h]! F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dfc30b08-8e06-49ae-830b-ec8317c993f5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=792f757e-f1b1-4aa4-baf4-8cccf9201eca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r0**@! ]Ɋ& !! F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dfc30b08-8e06-49ae-830b-ec8317c993f5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=792f757e-f1b1-4aa4-baf4-8cccf9201eca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ngi@**X! ]Ɋ& !X! F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=95cfb98d-eba2-4b0f-b9ce-80981dd1e1ce HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fX**p! ]Ɋ& !X! F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=95cfb98d-eba2-4b0f-b9ce-80981dd1e1ce HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Enp**h! ]Ɋ& !X! F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=95cfb98d-eba2-4b0f-b9ce-80981dd1e1ce HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**`! ]Ɋ& !X! F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=95cfb98d-eba2-4b0f-b9ce-80981dd1e1ce HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v`**` ! ]Ɋ& !X!  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=95cfb98d-eba2-4b0f-b9ce-80981dd1e1ce HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g`**h ! ]Ɋ& !X!  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=95cfb98d-eba2-4b0f-b9ce-80981dd1e1ce HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovih** ! ]Ɋ&  !!  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=95cfb98d-eba2-4b0f-b9ce-80981dd1e1ce HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=67ea6f7d-7e37-4c9c-b2fd-40e1184edc18 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Con** ! ]Ɋ& !!  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=95cfb98d-eba2-4b0f-b9ce-80981dd1e1ce HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=67ea6f7d-7e37-4c9c-b2fd-40e1184edc18 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=os**8 ! ]Ɋ& !X!  F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6c556d3f-edd8-4035-a008-ba49c9828100 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eN8**P! ]Ɋ& !X! F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6c556d3f-edd8-4035-a008-ba49c9828100 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rtP**P! ]Ɋ& !X! F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6c556d3f-edd8-4035-a008-ba49c9828100 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=roviP**H! ]Ɋ& !X! F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6c556d3f-edd8-4035-a008-ba49c9828100 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ctioH**H! ]Ɋ& !X! F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6c556d3f-edd8-4035-a008-ba49c9828100 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iderH**H! ]Ɋ& !X! F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6c556d3f-edd8-4035-a008-ba49c9828100 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=artH**! ]Ɋ& !! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6c556d3f-edd8-4035-a008-ba49c9828100 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8f880d0d-df22-4f15-ac3c-0f5c2eb12c69 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **! ]Ɋ& !! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6c556d3f-edd8-4035-a008-ba49c9828100 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8f880d0d-df22-4f15-ac3c-0f5c2eb12c69 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**X! ]Ɋ& !X! F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1fb1aceb-4381-43ea-8c41-dff178eef605 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p! ]Ɋ& !X! F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1fb1aceb-4381-43ea-8c41-dff178eef605 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommap**h! ]Ɋ& !X! F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1fb1aceb-4381-43ea-8c41-dff178eef605 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eh**`! ]Ɋ& !X! F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1fb1aceb-4381-43ea-8c41-dff178eef605 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m.`**`! ]Ɋ& !X! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1fb1aceb-4381-43ea-8c41-dff178eef605 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-H`**`! ]Ɋ& !X! F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1fb1aceb-4381-43ea-8c41-dff178eef605 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**! ]Ɋ& !! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1fb1aceb-4381-43ea-8c41-dff178eef605 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4d65cbf2-e1c2-4885-a691-074bf4350ccf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**! ]Ɋ& !! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1fb1aceb-4381-43ea-8c41-dff178eef605 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4d65cbf2-e1c2-4885-a691-074bf4350ccf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(+'! ]Ɋ& !X+'! F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e7e5721a-8ef5-424b-a7b7-faf8472d3f82 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@+'! ]Ɋ& !X+'! F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e7e5721a-8ef5-424b-a7b7-faf8472d3f82 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @riptName=  ]Ɋ& X+'! F&Xǵ F&]Ɋ& meXjU-% F&e=ElfChnkOOPFgMu=VysMc&&**@ +'! ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! #!X+'! F&F%g>9{p(xlMD EventDatauoData !BinarypFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e7e5721a-8ef5-424b-a7b7-faf8472d3f82 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@ **8 +'! ]Ɋ& !X+'!  F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e7e5721a-8ef5-424b-a7b7-faf8472d3f82 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=llD8**8!+'! ]Ɋ& !X+'!! F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e7e5721a-8ef5-424b-a7b7-faf8472d3f82 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rre8**8"+'! ]Ɋ& !X+'!" F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e7e5721a-8ef5-424b-a7b7-faf8472d3f82 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**#+'! ]Ɋ& !+'!# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e7e5721a-8ef5-424b-a7b7-faf8472d3f82 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=25b86a26-6d7f-4408-9ef1-691e77f71fec PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Re**$¿! ]Ɋ& !¿!$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e7e5721a-8ef5-424b-a7b7-faf8472d3f82 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=25b86a26-6d7f-4408-9ef1-691e77f71fec PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**X%XX! ]Ɋ& !XXX!% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=163fdb8f-6003-4e1e-9af1-3f7f920b4deb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nX**p&XX! ]Ɋ& !XXX!& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=163fdb8f-6003-4e1e-9af1-3f7f920b4deb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**p'XX! ]Ɋ& !XXX!' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=163fdb8f-6003-4e1e-9af1-3f7f920b4deb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Pp**h(XX! ]Ɋ& !XXX!( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=163fdb8f-6003-4e1e-9af1-3f7f920b4deb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ch**h)XX! ]Ɋ& !XXX!) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=163fdb8f-6003-4e1e-9af1-3f7f920b4deb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h*XX! ]Ɋ& !XXX!* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=163fdb8f-6003-4e1e-9af1-3f7f920b4deb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rth**+XX! ]Ɋ&  !XX!+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=163fdb8f-6003-4e1e-9af1-3f7f920b4deb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d55e1813-7294-49b5-92df-86b77d63b593 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**,! ]Ɋ& !!, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=163fdb8f-6003-4e1e-9af1-3f7f920b4deb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d55e1813-7294-49b5-92df-86b77d63b593 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ix -**-! ]Ɋ& '!X!- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b12f9803-0902-487f-9b4b-19a534f32b58 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**.! ]Ɋ& ?!X!. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b12f9803-0902-487f-9b4b-19a534f32b58 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**/! ]Ɋ& ;!X!/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b12f9803-0902-487f-9b4b-19a534f32b58 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-49**0! ]Ɋ& 3!X!0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b12f9803-0902-487f-9b4b-19a534f32b58 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=****1! ]Ɋ& 3!X!1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b12f9803-0902-487f-9b4b-19a534f32b58 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9ae**2! ]Ɋ& 5!X!2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b12f9803-0902-487f-9b4b-19a534f32b58 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**03! ]Ɋ& !!3 F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b12f9803-0902-487f-9b4b-19a534f32b58 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=18ca117b-4685-44f7-b5fa-1205f1fd1916 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ne0**@4"! ]Ɋ& !"!4 F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b12f9803-0902-487f-9b4b-19a534f32b58 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=18ca117b-4685-44f7-b5fa-1205f1fd1916 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**5D^~ ]Ɋ& )!XD^~5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=73bd532b-baea-4533-9cbd-5720357ed8ed HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co**6D^~ ]Ɋ& A!XD^~6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=73bd532b-baea-4533-9cbd-5720357ed8ed HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceId**7D^~ ]Ɋ& =!XD^~7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=73bd532b-baea-4533-9cbd-5720357ed8ed HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pr**8D^~ ]Ɋ& 5!XD^~8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=73bd532b-baea-4533-9cbd-5720357ed8ed HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t/**9D^~ ]Ɋ& 5!XD^~9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=73bd532b-baea-4533-9cbd-5720357ed8ed HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e1**:D^~ ]Ɋ& 7!XD^~: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=73bd532b-baea-4533-9cbd-5720357ed8ed HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**0;D^~ ]Ɋ& !D^~; F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=73bd532b-baea-4533-9cbd-5720357ed8ed HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ffe94ac3-f711-43e6-ac7e-37fb38d6a97e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u0**@<p_~ ]Ɋ& !p_~< F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=73bd532b-baea-4533-9cbd-5720357ed8ed HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ffe94ac3-f711-43e6-ac7e-37fb38d6a97e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=New@**X=q `~ ]Ɋ& !Xq `~= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0be0abd3-dc0c-4f46-94c6-9076edd734f0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p>q `~ ]Ɋ& !Xq `~> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0be0abd3-dc0c-4f46-94c6-9076edd734f0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h?q `~ ]Ɋ& !Xq `~? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0be0abd3-dc0c-4f46-94c6-9076edd734f0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mh**`@q `~ ]Ɋ& !Xq `~@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0be0abd3-dc0c-4f46-94c6-9076edd734f0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`Aq `~ ]Ɋ& !Xq `~A F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0be0abd3-dc0c-4f46-94c6-9076edd734f0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e`**hBq `~ ]Ɋ& !Xq `~B F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0be0abd3-dc0c-4f46-94c6-9076edd734f0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPh**Cq `~ ]Ɋ&  !q `~C F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0be0abd3-dc0c-4f46-94c6-9076edd734f0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1c0385a2-e9c4-46e6-849b-b8d6226b5968 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**Dq `~ ]Ɋ& !q `~D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0be0abd3-dc0c-4f46-94c6-9076edd734f0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1c0385a2-e9c4-46e6-849b-b8d6226b5968 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **8Eq `~ ]Ɋ& !Xq `~E F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=07d8ec77-ec1c-4b60-ad00-cb5fa7a65036 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ue8**PFq `~ ]Ɋ& !Xq `~F F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=07d8ec77-ec1c-4b60-ad00-cb5fa7a65036 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==SP**PGq `~ ]Ɋ& !Xq `~G F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=07d8ec77-ec1c-4b60-ad00-cb5fa7a65036 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPP**HHq `~ ]Ɋ& !Xq `~H F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=07d8ec77-ec1c-4b60-ad00-cb5fa7a65036 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==FunH**HIq `~ ]Ɋ& !Xq `~I F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=07d8ec77-ec1c-4b60-ad00-cb5fa7a65036 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ProvH**HJq `~ ]Ɋ& !Xq `~J F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=07d8ec77-ec1c-4b60-ad00-cb5fa7a65036 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eSH**Kq `~ ]Ɋ& !q `~K F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=07d8ec77-ec1c-4b60-ad00-cb5fa7a65036 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=627e13fd-2ed5-46c3-a7c9-785ac9d06bed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lab**Lq `~ ]Ɋ& !q `~L F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=07d8ec77-ec1c-4b60-ad00-cb5fa7a65036 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=627e13fd-2ed5-46c3-a7c9-785ac9d06bed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**XM`~ ]Ɋ& !X`~M F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5c813360-96c2-471b-b428-6e5debea3e3d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!X**pN`~ ]Ɋ& !X`~N F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5c813360-96c2-471b-b428-6e5debea3e3d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Cp**hO`~ ]Ɋ& !X`~O F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5c813360-96c2-471b-b428-6e5debea3e3d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 h EngineVersi ]Ɋ&  X`~P F&CommandPath= CommandLine= @riptName=  ]Ɋ& X+'! F&Xǵ F&]Ɋ& meXjU-% F&e=ElfChnkPPX[wٶrMu=VysMc&&**hP`~ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! E!X`~P F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5c813360-96c2-471b-b428-6e5debea3e3d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sioh**`Q`~ ]Ɋ& !X`~Q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5c813360-96c2-471b-b428-6e5debea3e3d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cu`**`R`~ ]Ɋ& !X`~R F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5c813360-96c2-471b-b428-6e5debea3e3d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@`**S`~ ]Ɋ& !`~S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5c813360-96c2-471b-b428-6e5debea3e3d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a8f236c6-bbff-43b1-adaa-39baa6085378 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **T`~ ]Ɋ& !`~T F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5c813360-96c2-471b-b428-6e5debea3e3d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a8f236c6-bbff-43b1-adaa-39baa6085378 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**(U`~ ]Ɋ& !X`~U F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=90cdb447-4a12-478d-a7c5-5f0d173631f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a(**@V`~ ]Ɋ& !X`~V F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=90cdb447-4a12-478d-a7c5-5f0d173631f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m@**@W`~ ]Ɋ& !X`~W F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=90cdb447-4a12-478d-a7c5-5f0d173631f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C@**8X`~ ]Ɋ& !X`~X F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=90cdb447-4a12-478d-a7c5-5f0d173631f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n-U8**8Y`~ ]Ɋ& !X`~Y F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=90cdb447-4a12-478d-a7c5-5f0d173631f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion8**8Z`~ ]Ɋ& !X`~Z F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=90cdb447-4a12-478d-a7c5-5f0d173631f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=RE8**[`~ ]Ɋ& !`~[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=90cdb447-4a12-478d-a7c5-5f0d173631f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=aa645929-3d58-4cc5-bb9e-12d5f4b65dff PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**\:a~ ]Ɋ& !:a~\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=90cdb447-4a12-478d-a7c5-5f0d173631f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=aa645929-3d58-4cc5-bb9e-12d5f4b65dff PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ider**X]bc~ ]Ɋ& !Xbc~] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=44c33be4-d93e-4f3f-9d41-7966aec75eb0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**p^bc~ ]Ɋ& !Xbc~^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=44c33be4-d93e-4f3f-9d41-7966aec75eb0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**p_bc~ ]Ɋ& !Xbc~_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=44c33be4-d93e-4f3f-9d41-7966aec75eb0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h`bc~ ]Ɋ& !Xbc~` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=44c33be4-d93e-4f3f-9d41-7966aec75eb0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sth**habc~ ]Ɋ& !Xbc~a F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=44c33be4-d93e-4f3f-9d41-7966aec75eb0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Seqh**hbbc~ ]Ɋ& !Xbc~b F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=44c33be4-d93e-4f3f-9d41-7966aec75eb0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b1h**cbc~ ]Ɋ&  !bc~c F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=44c33be4-d93e-4f3f-9d41-7966aec75eb0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3883874e-2dc5-4d98-959f-dc46335dd0fc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **dc~ ]Ɋ& !c~d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=44c33be4-d93e-4f3f-9d41-7966aec75eb0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3883874e-2dc5-4d98-959f-dc46335dd0fc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=base**ec~ ]Ɋ& '!Xc~e F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=624e4f46-636d-4d28-aad1-675f4a3c3287 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**fc~ ]Ɋ& ?!Xc~f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=624e4f46-636d-4d28-aad1-675f4a3c3287 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=B**gc~ ]Ɋ& ;!Xc~g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=624e4f46-636d-4d28-aad1-675f4a3c3287 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eVe**hc~ ]Ɋ& 3!Xc~h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=624e4f46-636d-4d28-aad1-675f4a3c3287 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=F**ic~ ]Ɋ& 3!Xc~i F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=624e4f46-636d-4d28-aad1-675f4a3c3287 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ers**jc~ ]Ɋ& 5!Xc~j F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=624e4f46-636d-4d28-aad1-675f4a3c3287 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP**0kc~ ]Ɋ& !c~k F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=624e4f46-636d-4d28-aad1-675f4a3c3287 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=ef181039-920a-44ec-9380-25032b519614 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6a0**@l5d~ ]Ɋ& !5d~l F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=624e4f46-636d-4d28-aad1-675f4a3c3287 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=ef181039-920a-44ec-9380-25032b519614 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed @**m A ]Ɋ& )!X Am F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=65b11f97-575b-4e4e-854f-0560ae9804aa HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**n A ]Ɋ& A!X An F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=65b11f97-575b-4e4e-854f-0560ae9804aa HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**o A ]Ɋ& =!X Ao F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=65b11f97-575b-4e4e-854f-0560ae9804aa HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **p A ]Ɋ& 5!X Ap F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=65b11f97-575b-4e4e-854f-0560ae9804aa HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**q A ]Ɋ& 5!X Aq F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=65b11f97-575b-4e4e-854f-0560ae9804aa HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pr**r A ]Ɋ& 7!X Ar F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=65b11f97-575b-4e4e-854f-0560ae9804aa HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**0s A ]Ɋ& ! As F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=65b11f97-575b-4e4e-854f-0560ae9804aa HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=71512d70-6cd1-48f5-9e9f-fb7890a74ac1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@tA ]Ɋ& !At F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=65b11f97-575b-4e4e-854f-0560ae9804aa HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=71512d70-6cd1-48f5-9e9f-fb7890a74ac1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==0b@**XuF^Mu=VysMc&&**HF9{p(xlMD EventDatauoData !BinaryvRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7b7e653f-7217-4199-9d2b-e5bc372d74ad HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mH**HF9{p(xlMD EventDatauoData !BinaryVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d3e64634-134c-43e9-bb4d-2b74375024c3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**X ]Ɋ&  !X F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d3e64634-134c-43e9-bb4d-2b74375024c3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c44135a8-cdf1-4734-92dc-da091585e14a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=F**X ]Ɋ& !X F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d3e64634-134c-43e9-bb4d-2b74375024c3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c44135a8-cdf1-4734-92dc-da091585e14a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8X ]Ɋ& !XX F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=acb75fa8-ee1d-46a2-a13c-1ca4cc0579c6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**PX ]Ɋ& !XX F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=acb75fa8-ee1d-46a2-a13c-1ca4cc0579c6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**PX ]Ɋ& !XX F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=acb75fa8-ee1d-46a2-a13c-1ca4cc0579c6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&P**HX ]Ɋ& !XX F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=acb75fa8-ee1d-46a2-a13c-1ca4cc0579c6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**H**HX ]Ɋ& !XX F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=acb75fa8-ee1d-46a2-a13c-1ca4cc0579c6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dLinH**HX ]Ɋ& !XX F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=acb75fa8-ee1d-46a2-a13c-1ca4cc0579c6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= H**X ]Ɋ& !X F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=acb75fa8-ee1d-46a2-a13c-1ca4cc0579c6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bcd195aa-152c-4077-84d6-081f63c23f1f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**﫩 ]Ɋ& !﫩 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=acb75fa8-ee1d-46a2-a13c-1ca4cc0579c6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bcd195aa-152c-4077-84d6-081f63c23f1f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**X﫩 ]Ɋ& !X﫩 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f8428fdb-6fe0-4dc9-84cb-fc88726d5d2c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=TypeX**p﫩 ]Ɋ& !X﫩 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f8428fdb-6fe0-4dc9-84cb-fc88726d5d2c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| sep**h﫩 ]Ɋ& !X﫩 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f8428fdb-6fe0-4dc9-84cb-fc88726d5d2c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=edh**`﫩 ]Ɋ& !X﫩 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f8428fdb-6fe0-4dc9-84cb-fc88726d5d2c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l `**`﫩 ]Ɋ& !X﫩 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f8428fdb-6fe0-4dc9-84cb-fc88726d5d2c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Na`**`﫩 ]Ɋ& !X﫩 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f8428fdb-6fe0-4dc9-84cb-fc88726d5d2c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**﫩 ]Ɋ& !﫩 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f8428fdb-6fe0-4dc9-84cb-fc88726d5d2c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ea407499-b337-4dd6-b96b-5e8b29987623 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**﫩 ]Ɋ& !﫩 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f8428fdb-6fe0-4dc9-84cb-fc88726d5d2c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ea407499-b337-4dd6-b96b-5e8b29987623 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptN**(﫩 ]Ɋ& !X﫩 F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6520106d-3515-4f16-8b73-114e78667e32 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p(**@﫩 ]Ɋ& !X﫩 F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6520106d-3515-4f16-8b73-114e78667e32 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==@**@﫩 ]Ɋ& !X﫩 F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6520106d-3515-4f16-8b73-114e78667e32 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e($@**8﫩 ]Ɋ& !X﫩 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6520106d-3515-4f16-8b73-114e78667e32 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HK8**8﫩 ]Ɋ& !X﫩 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6520106d-3515-4f16-8b73-114e78667e32 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stI8**8﫩 ]Ɋ& !X﫩 F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6520106d-3515-4f16-8b73-114e78667e32 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**﫩 ]Ɋ& !﫩 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6520106d-3515-4f16-8b73-114e78667e32 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=3abb4c56-dd91-430c-82d2-0ee27b27dd94 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=an**D ]Ɋ& !D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6520106d-3515-4f16-8b73-114e78667e32 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=3abb4c56-dd91-430c-82d2-0ee27b27dd94 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**Xu ]Ɋ& !Xu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5020138d-f61e-4cd4-817a-2b2f0a44ecd1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iX**pu ]Ɋ& !Xu F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5020138d-f61e-4cd4-817a-2b2f0a44ecd1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**pu ]Ɋ& !Xu F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5020138d-f61e-4cd4-817a-2b2f0a44ecd1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nfop**hu ]Ɋ& !Xu F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5020138d-f61e-4cd4-817a-2b2f0a44ecd1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Insh**hu ]Ɋ& !Xu F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5020138d-f61e-4cd4-817a-2b2f0a44ecd1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eIdh**hu ]Ɋ& !Xu F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5020138d-f61e-4cd4-817a-2b2f0a44ecd1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omh**u ]Ɋ&  !u F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5020138d-f61e-4cd4-817a-2b2f0a44ecd1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2dd08ca0-06d1-4ba8-a4ab-d444042d9fc5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**I ]Ɋ& !I F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5020138d-f61e-4cd4-817a-2b2f0a44ecd1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2dd08ca0-06d1-4ba8-a4ab-d444042d9fc5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oleH**I ]Ɋ& '!XI F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8e2f5f7b-f027-4f48-88d0-1227ecfea7a8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**I ]Ɋ& ?!XI F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8e2f5f7b-f027-4f48-88d0-1227ecfea7a8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v**I ]Ɋ& ;!XI F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8e2f5f7b-f027-4f48-88d0-1227ecfea7a8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ide**I ]Ɋ& 3!XI F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8e2f5f7b-f027-4f48-88d0-1227ecfea7a8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **I ]Ɋ& 3!XI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8e2f5f7b-f027-4f48-88d0-1227ecfea7a8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ame**I ]Ɋ& 5!XI F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8e2f5f7b-f027-4f48-88d0-1227ecfea7a8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rs**0I ]Ɋ& !I F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8e2f5f7b-f027-4f48-88d0-1227ecfea7a8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=ba8ef576-180b-442b-b96c-df348166a1d8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er0**@v? ]Ɋ& !v? F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8e2f5f7b-f027-4f48-88d0-1227ecfea7a8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=ba8ef576-180b-442b-b96c-df348166a1d8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f45d@**md ]Ɋ& )!Xmd F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dcd84e5c-0bac-4774-a58d-89c66490dc2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=prod**md ]Ɋ& A!Xmd F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dcd84e5c-0bac-4774-a58d-89c66490dc2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t/Se**md ]Ɋ& =!Xmd F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dcd84e5c-0bac-4774-a58d-89c66490dc2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=24**md ]Ɋ& 5!Xmd F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dcd84e5c-0bac-4774-a58d-89c66490dc2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**md ]Ɋ& 5!Xmd F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dcd84e5c-0bac-4774-a58d-89c66490dc2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP**md ]Ɋ& 7!Xmd F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dcd84e5c-0bac-4774-a58d-89c66490dc2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnkM;&qMu=VysMc&&**8md ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !md F&F%g>9{p(xlMD EventDatauoData !BinarydAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dcd84e5c-0bac-4774-a58d-89c66490dc2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=040ea8fa-4892-4bc9-be6e-5f914f410700 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dP8**@ ]Ɋ& ! F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dcd84e5c-0bac-4774-a58d-89c66490dc2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=040ea8fa-4892-4bc9-be6e-5f914f410700 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=neI@**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ac3e5525-ed62-425c-8038-22501b0dc273 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nspX**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ac3e5525-ed62-425c-8038-22501b0dc273 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=p**h ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ac3e5525-ed62-425c-8038-22501b0dc273 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ih**` ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ac3e5525-ed62-425c-8038-22501b0dc273 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l`**` ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ac3e5525-ed62-425c-8038-22501b0dc273 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m`**h ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ac3e5525-ed62-425c-8038-22501b0dc273 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Commh** ]Ɋ&  ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ac3e5525-ed62-425c-8038-22501b0dc273 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3e7f8403-3337-4a04-919b-db614100c9a6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ac3e5525-ed62-425c-8038-22501b0dc273 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3e7f8403-3337-4a04-919b-db614100c9a6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8 ]Ɋ& !X F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ada21304-75c5-49cf-857b-eb3d9084c9e1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me8**P ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ada21304-75c5-49cf-857b-eb3d9084c9e1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=amP**P ]Ɋ& !X F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ada21304-75c5-49cf-857b-eb3d9084c9e1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=andTP**H ]Ɋ& !X F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ada21304-75c5-49cf-857b-eb3d9084c9e1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommaH**H ]Ɋ& !X F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ada21304-75c5-49cf-857b-eb3d9084c9e1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=elinH**H ]Ɋ& !X F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ada21304-75c5-49cf-857b-eb3d9084c9e1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceIH** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ada21304-75c5-49cf-857b-eb3d9084c9e1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3fbbe63b-d0d0-4e26-a069-259845379579 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndN** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ada21304-75c5-49cf-857b-eb3d9084c9e1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3fbbe63b-d0d0-4e26-a069-259845379579 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6dfaa0c2-9e97-4af9-ac5f-d0849d5a729d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==ea4X**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6dfaa0c2-9e97-4af9-ac5f-d0849d5a729d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izatp**h ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6dfaa0c2-9e97-4af9-ac5f-d0849d5a729d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=seh**` ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6dfaa0c2-9e97-4af9-ac5f-d0849d5a729d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0`**` ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6dfaa0c2-9e97-4af9-ac5f-d0849d5a729d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ov`**` ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6dfaa0c2-9e97-4af9-ac5f-d0849d5a729d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6dfaa0c2-9e97-4af9-ac5f-d0849d5a729d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7ea64672-212a-4c2f-bb76-97e063f0cd69 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**1. ]Ɋ& !1. F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6dfaa0c2-9e97-4af9-ac5f-d0849d5a729d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7ea64672-212a-4c2f-bb76-97e063f0cd69 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ine**(1. ]Ɋ& !X1. F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7d69f962-e7a7-4ab6-8881-370bac36703b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@1. ]Ɋ& !X1. F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7d69f962-e7a7-4ab6-8881-370bac36703b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o@**@1. ]Ɋ& !X1. F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7d69f962-e7a7-4ab6-8881-370bac36703b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=spl@**81. ]Ɋ& !X1. F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7d69f962-e7a7-4ab6-8881-370bac36703b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tur8**81. ]Ɋ& !X1. F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7d69f962-e7a7-4ab6-8881-370bac36703b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sta8**81. ]Ɋ& !X1. F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7d69f962-e7a7-4ab6-8881-370bac36703b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**1. ]Ɋ& !1. F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7d69f962-e7a7-4ab6-8881-370bac36703b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b321f88f-4cf8-43c2-8564-c8bc9ac803e3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ru**ƨ ]Ɋ& !ƨ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7d69f962-e7a7-4ab6-8881-370bac36703b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b321f88f-4cf8-43c2-8564-c8bc9ac803e3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion.**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=39009cc0-3416-4989-9410-43c41b6c5f01 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=aX**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=39009cc0-3416-4989-9410-43c41b6c5f01 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=zp**p ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=39009cc0-3416-4989-9410-43c41b6c5f01 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tiep**h ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=39009cc0-3416-4989-9410-43c41b6c5f01 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eInh**h  ]Ɋ& !X  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=39009cc0-3416-4989-9410-43c41b6c5f01 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sorh**h  ]Ɋ& !X  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=39009cc0-3416-4989-9410-43c41b6c5f01 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**  ]Ɋ&  !  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=39009cc0-3416-4989-9410-43c41b6c5f01 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2ee7724e-39d2-4e73-86fc-60ed04ef2ac3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**  ]Ɋ& !  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=39009cc0-3416-4989-9410-43c41b6c5f01 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2ee7724e-39d2-4e73-86fc-60ed04ef2ac3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Var** !) ]Ɋ& '!X!)  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d72c3bef-ad9d-4c79-8cee-ff37110ad649 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**!) ]Ɋ& ?!X!) F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d72c3bef-ad9d-4c79-8cee-ff37110ad649 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**!) ]Ɋ& ;!X!) F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d72c3bef-ad9d-4c79-8cee-ff37110ad649 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**!) ]Ɋ& 3!X!) F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d72c3bef-ad9d-4c79-8cee-ff37110ad649 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wer**!) ]Ɋ& 3!X!) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d72c3bef-ad9d-4c79-8cee-ff37110ad649 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**!) ]Ɋ& 5!X!) F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d72c3bef-ad9d-4c79-8cee-ff37110ad649 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-tFirewallPro ]Ɋ& 35!) F&d= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP**md ]Ɋ& 7!Xmd F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dcd84e5c-0bac-4774-a58d-89c66490dc2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnkDDH-Mu=VysMc&&**8 !) ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !!) F&F%g>9{p(xlMD EventDatauoData !BinarybAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d72c3bef-ad9d-4c79-8cee-ff37110ad649 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=90fc3b4a-49d9-419a-9bde-3b28f69cdcab PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c-08 **@ ]Ɋ& ! F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d72c3bef-ad9d-4c79-8cee-ff37110ad649 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=90fc3b4a-49d9-419a-9bde-3b28f69cdcab PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Scri@**G1j ]Ɋ& )!XG1j F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=da4ec8e1-3c7a-4db1-8ef6-58ed047fabaf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eng**G1j ]Ɋ& A!XG1j F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=da4ec8e1-3c7a-4db1-8ef6-58ed047fabaf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uct **G1j ]Ɋ& =!XG1j F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=da4ec8e1-3c7a-4db1-8ef6-58ed047fabaf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **G1j ]Ɋ& 5!XG1j F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=da4ec8e1-3c7a-4db1-8ef6-58ed047fabaf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5c**G1j ]Ɋ& 5!XG1j F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=da4ec8e1-3c7a-4db1-8ef6-58ed047fabaf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**G1j ]Ɋ& 7!XG1j F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=da4ec8e1-3c7a-4db1-8ef6-58ed047fabaf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**0j ]Ɋ& !j F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=da4ec8e1-3c7a-4db1-8ef6-58ed047fabaf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=44636ed8-d2c2-437f-b45d-87d34b592ef3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@tbk ]Ɋ& !tbk F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=da4ec8e1-3c7a-4db1-8ef6-58ed047fabaf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=44636ed8-d2c2-437f-b45d-87d34b592ef3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Lin@**Xtbk ]Ɋ& !Xtbk F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=51cc8960-c7ca-4eab-a3b8-a2309eabe467 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**ptbk ]Ɋ& !Xtbk F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=51cc8960-c7ca-4eab-a3b8-a2309eabe467 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**htbk ]Ɋ& !Xtbk F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=51cc8960-c7ca-4eab-a3b8-a2309eabe467 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**` tbk ]Ɋ& !Xtbk  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=51cc8960-c7ca-4eab-a3b8-a2309eabe467 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`!tbk ]Ɋ& !Xtbk! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=51cc8960-c7ca-4eab-a3b8-a2309eabe467 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h"tbk ]Ɋ& !Xtbk" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=51cc8960-c7ca-4eab-a3b8-a2309eabe467 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**#tbk ]Ɋ&  !tbk# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=51cc8960-c7ca-4eab-a3b8-a2309eabe467 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4713a192-7037-4ded-9707-06add850d35d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&**$ k ]Ɋ& ! k$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=51cc8960-c7ca-4eab-a3b8-a2309eabe467 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4713a192-7037-4ded-9707-06add850d35d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ar**8% k ]Ɋ& !X k% F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=30f35d8e-6a5e-4b53-b4dd-a3df6d1d2880 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P& k ]Ɋ& !X k& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=30f35d8e-6a5e-4b53-b4dd-a3df6d1d2880 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P' k ]Ɋ& !X k' F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=30f35d8e-6a5e-4b53-b4dd-a3df6d1d2880 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!P**H( k ]Ɋ& !X k( F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=30f35d8e-6a5e-4b53-b4dd-a3df6d1d2880 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H) k ]Ɋ& !X k) F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=30f35d8e-6a5e-4b53-b4dd-a3df6d1d2880 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H* k ]Ɋ& !X k* F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=30f35d8e-6a5e-4b53-b4dd-a3df6d1d2880 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**+ k ]Ɋ& ! k+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=30f35d8e-6a5e-4b53-b4dd-a3df6d1d2880 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d40f8bb5-6aeb-4622-a952-d56761b244be PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**, k ]Ɋ& ! k, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=30f35d8e-6a5e-4b53-b4dd-a3df6d1d2880 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d40f8bb5-6aeb-4622-a952-d56761b244be PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**X- k ]Ɋ& !X k- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1e15eed5-0aec-458c-b294-fe9c4c53c516 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**p. k ]Ɋ& !X k. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1e15eed5-0aec-458c-b294-fe9c4c53c516 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ureIp**h/ k ]Ɋ& !X k/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1e15eed5-0aec-458c-b294-fe9c4c53c516 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sth**`0 k ]Ɋ& !X k0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1e15eed5-0aec-458c-b294-fe9c4c53c516 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f9`**`1 k ]Ɋ& !X k1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1e15eed5-0aec-458c-b294-fe9c4c53c516 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr`**`2 k ]Ɋ& !X k2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1e15eed5-0aec-458c-b294-fe9c4c53c516 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**3 k ]Ɋ& ! k3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1e15eed5-0aec-458c-b294-fe9c4c53c516 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=84a4a065-c4c3-4b31-a700-341d94a42735 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N**4l ]Ɋ& !l4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1e15eed5-0aec-458c-b294-fe9c4c53c516 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=84a4a065-c4c3-4b31-a700-341d94a42735 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= R**(5l ]Ɋ& !Xl5 F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6c5f8fca-52a3-4cba-86d0-0e20ffc259a1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l(**@6l ]Ɋ& !Xl6 F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6c5f8fca-52a3-4cba-86d0-0e20ffc259a1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p@**@7l ]Ɋ& !Xl7 F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6c5f8fca-52a3-4cba-86d0-0e20ffc259a1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=KLM@**88l ]Ɋ& !Xl8 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6c5f8fca-52a3-4cba-86d0-0e20ffc259a1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=enc8**89l ]Ɋ& !Xl9 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6c5f8fca-52a3-4cba-86d0-0e20ffc259a1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8:l ]Ɋ& !Xl: F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6c5f8fca-52a3-4cba-86d0-0e20ffc259a1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=558**;l ]Ɋ& !l; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6c5f8fca-52a3-4cba-86d0-0e20ffc259a1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ec28260e-400b-4c57-833d-9bd27133a000 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=']**<7,m ]Ɋ& !7,m< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6c5f8fca-52a3-4cba-86d0-0e20ffc259a1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ec28260e-400b-4c57-833d-9bd27133a000 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yNam**X=o ]Ɋ& !Xo= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=20d45f13-2cd6-4da4-8e79-aba0242c11bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=DX**p>o ]Ɋ& !Xo> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=20d45f13-2cd6-4da4-8e79-aba0242c11bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**p?o ]Ɋ& !Xo? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=20d45f13-2cd6-4da4-8e79-aba0242c11bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n,Hp**h@o ]Ɋ& !Xo@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=20d45f13-2cd6-4da4-8e79-aba0242c11bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=_.ph**hAo ]Ɋ& !XoA F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=20d45f13-2cd6-4da4-8e79-aba0242c11bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Culh**hBo ]Ɋ& !XoB F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=20d45f13-2cd6-4da4-8e79-aba0242c11bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Sh**Co ]Ɋ&  !oC F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=20d45f13-2cd6-4da4-8e79-aba0242c11bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=385ee39e-ee16-4db0-906d-367f2f1d6f2e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pe**D('p ]Ɋ& !('pD F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=20d45f13-2cd6-4da4-8e79-aba0242c11bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=385ee39e-ee16-4db0-906d-367f2f1d6f2e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=35!) ]Ɋ&  CX('pE F&ommandPath= CommandLine=wP**md ]Ɋ& 7!Xmd F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dcd84e5c-0bac-4774-a58d-89c66490dc2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnkEwEw(Q\sBMu=VysMc&&** E('p ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X('pE F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5a0bce81-7716-41c1-aafc-bc0c03b2f8af HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **F('p ]Ɋ& ?!X('pF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5a0bce81-7716-41c1-aafc-bc0c03b2f8af HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**G('p ]Ɋ& ;!X('pG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5a0bce81-7716-41c1-aafc-bc0c03b2f8af HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d **H('p ]Ɋ& 3!X('pH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5a0bce81-7716-41c1-aafc-bc0c03b2f8af HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id=**I('p ]Ɋ& 3!X('pI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5a0bce81-7716-41c1-aafc-bc0c03b2f8af HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=enc**J('p ]Ɋ& 5!X('pJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5a0bce81-7716-41c1-aafc-bc0c03b2f8af HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=**0K('p ]Ɋ& !('pK F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5a0bce81-7716-41c1-aafc-bc0c03b2f8af HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=b4a58c69-5e4e-4734-8f65-deca7fe05b88 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==10**@Lp ]Ɋ& !pL F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5a0bce81-7716-41c1-aafc-bc0c03b2f8af HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=b4a58c69-5e4e-4734-8f65-deca7fe05b88 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on= @**M'9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8990cd4b-b8f7-45c4-848a-bdbbf7b31c77 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h **hyrn® ]Ɋ& !Xrn®y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8990cd4b-b8f7-45c4-848a-bdbbf7b31c77 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leSh**hzrn® ]Ɋ& !Xrn®z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8990cd4b-b8f7-45c4-848a-bdbbf7b31c77 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Ch**{rn® ]Ɋ&  !rn®{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8990cd4b-b8f7-45c4-848a-bdbbf7b31c77 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2752d577-cb3d-4447-a0cc-5852f19c82d0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-**|2o® ]Ɋ& !2o®| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8990cd4b-b8f7-45c4-848a-bdbbf7b31c77 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2752d577-cb3d-4447-a0cc-5852f19c82d0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Inst**}2o® ]Ɋ& '!X2o®} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=25f65359-44ed-4a52-9774-5821acc9c72f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=,**~2o® ]Ɋ& ?!X2o®~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=25f65359-44ed-4a52-9774-5821acc9c72f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**2o® ]Ɋ& ;!X2o® F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=25f65359-44ed-4a52-9774-5821acc9c72f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nab**2o® ]Ɋ& 3!X2o® F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=25f65359-44ed-4a52-9774-5821acc9c72f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**2o® ]Ɋ& 3!X2o® F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=25f65359-44ed-4a52-9774-5821acc9c72f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ble**2o® ]Ɋ& 5!X2o® F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=25f65359-44ed-4a52-9774-5821acc9c72f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ab**0o® ]Ɋ& !o® F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=25f65359-44ed-4a52-9774-5821acc9c72f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=de7f73df-1c0e-4b16-b976-0a3b0504c350 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ns0**@5cp® ]Ɋ& !5cp® F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=25f65359-44ed-4a52-9774-5821acc9c72f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=de7f73df-1c0e-4b16-b976-0a3b0504c350 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=vide@**O% ]Ɋ& )!XO% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d2a03475-ec31-4e49-b20e-62d25ad1221c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**O% ]Ɋ& A!XO% F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d2a03475-ec31-4e49-b20e-62d25ad1221c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Line**O% ]Ɋ& =!XO% F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d2a03475-ec31-4e49-b20e-62d25ad1221c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mm**O% ]Ɋ& 5!XO% F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d2a03475-ec31-4e49-b20e-62d25ad1221c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g **O% ]Ɋ& 5!XO% F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d2a03475-ec31-4e49-b20e-62d25ad1221c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Na**O% ]Ɋ& 7!XO% F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d2a03475-ec31-4e49-b20e-62d25ad1221c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**0O% ]Ɋ& !O% F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d2a03475-ec31-4e49-b20e-62d25ad1221c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a4351086-6acc-418a-b203-9953bfa1a016 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b0**@|ز% ]Ɋ& !|ز% F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d2a03475-ec31-4e49-b20e-62d25ad1221c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a4351086-6acc-418a-b203-9953bfa1a016 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=C@**Xq% ]Ɋ& !Xq% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3ab1f0b2-7a07-48eb-bd5a-324960395d6b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=artX**pq% ]Ɋ& !Xq% F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3ab1f0b2-7a07-48eb-bd5a-324960395d6b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceNp**hq% ]Ɋ& !Xq% F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3ab1f0b2-7a07-48eb-bd5a-324960395d6b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oh**`q% ]Ɋ& !Xq% F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3ab1f0b2-7a07-48eb-bd5a-324960395d6b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o`**`q% ]Ɋ& !Xq% F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3ab1f0b2-7a07-48eb-bd5a-324960395d6b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s`**hq% ]Ɋ& !Xq% F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3ab1f0b2-7a07-48eb-bd5a-324960395d6b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 h**q% ]Ɋ&  !q% F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3ab1f0b2-7a07-48eb-bd5a-324960395d6b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6a37e87c-e31d-476e-90fa-75f67f950457 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ppli** % ]Ɋ& ! % F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3ab1f0b2-7a07-48eb-bd5a-324960395d6b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6a37e87c-e31d-476e-90fa-75f67f950457 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**8@% ]Ɋ& !X@% F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=56cbd957-2ffa-4755-8c27-32911532066a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c-8**P@% ]Ɋ& !X@% F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=56cbd957-2ffa-4755-8c27-32911532066a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9bP**P@% ]Ɋ& !X@% F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=56cbd957-2ffa-4755-8c27-32911532066a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HP**H@% ]Ɋ& !X@% F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=56cbd957-2ffa-4755-8c27-32911532066a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tVerH**H@% ]Ɋ& !X@% F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=56cbd957-2ffa-4755-8c27-32911532066a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leHoH**H@% ]Ɋ& !X@% F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=56cbd957-2ffa-4755-8c27-32911532066a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stNH**:% ]Ɋ& !:% F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=56cbd957-2ffa-4755-8c27-32911532066a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d170c2fe-9e2b-41ff-b1b3-c98b4d615764 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rsi**:% ]Ɋ& !:% F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=56cbd957-2ffa-4755-8c27-32911532066a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d170c2fe-9e2b-41ff-b1b3-c98b4d615764 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**Xmӵ% ]Ɋ& !Xmӵ% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9dac1f2d-2d4e-44df-b87a-44556070bc19 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SX**pmӵ% ]Ɋ& !Xmӵ% F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9dac1f2d-2d4e-44df-b87a-44556070bc19 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hmӵ% ]Ɋ& !Xmӵ% F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9dac1f2d-2d4e-44df-b87a-44556070bc19 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=meh**`mӵ% ]Ɋ& !Xmӵ% F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9dac1f2d-2d4e-44df-b87a-44556070bc19 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| `**`mӵ% ]Ɋ& !Xmӵ% F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9dac1f2d-2d4e-44df-b87a-44556070bc19 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ll`**`mӵ% ]Ɋ& !Xmӵ% F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9dac1f2d-2d4e-44df-b87a-44556070bc19 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**mӵ% ]Ɋ& !mӵ% F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9dac1f2d-2d4e-44df-b87a-44556070bc19 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4ab93037-64e2-479d-9021-34963df35fb6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**mӵ% ]Ɋ& !mӵ% F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9dac1f2d-2d4e-44df-b87a-44556070bc19 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4ab93037-64e2-479d-9021-34963df35fb6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uen**(l% ]Ɋ& !Xl% F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a1210764-a8dc-46c4-b765-6b2f957d782a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t(**@l% ]Ɋ& !Xl% F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a1210764-a8dc-46c4-b765-6b2f957d782a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@l% ]Ɋ& !Xl% F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a1210764-a8dc-46c4-b765-6b2f957d782a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mma@**8l% ]Ɋ& !Xl% F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a1210764-a8dc-46c4-b765-6b2f957d782a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=liz8**8l% ]Ɋ& !Xl% F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a1210764-a8dc-46c4-b765-6b2f957d782a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nin8**8l% ]Ɋ& !Xl% F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a1210764-a8dc-46c4-b765-6b2f957d782a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8F& ElfChnk@gfMMu=VysMc&&** l% ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! m!l% F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a1210764-a8dc-46c4-b765-6b2f957d782a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=826c6d2d-f6a0-4f68-b11c-482c45597551 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sio **% ]Ɋ& !% F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a1210764-a8dc-46c4-b765-6b2f957d782a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=826c6d2d-f6a0-4f68-b11c-482c45597551 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izat**X]θ% ]Ɋ& !X]θ% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2dbef1f1-5d6e-4b00-b54f-c95acd5656a8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=GX**p]θ% ]Ɋ& !X]θ% F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2dbef1f1-5d6e-4b00-b54f-c95acd5656a8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bp**p]θ% ]Ɋ& !X]θ% F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2dbef1f1-5d6e-4b00-b54f-c95acd5656a8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=opep**h]θ% ]Ɋ& !X]θ% F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2dbef1f1-5d6e-4b00-b54f-c95acd5656a8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ltuh**h]θ% ]Ɋ& !X]θ% F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2dbef1f1-5d6e-4b00-b54f-c95acd5656a8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5 |h**h]θ% ]Ɋ& !X]θ% F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2dbef1f1-5d6e-4b00-b54f-c95acd5656a8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Idh**]θ% ]Ɋ&  !]θ% F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2dbef1f1-5d6e-4b00-b54f-c95acd5656a8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=12109e78-e5a1-4875-a9d6-8094b616918c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2o**f% ]Ɋ& !f% F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2dbef1f1-5d6e-4b00-b54f-c95acd5656a8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=12109e78-e5a1-4875-a9d6-8094b616918c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**f% ]Ɋ& '!Xf% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2c5cb8e0-5c4d-4a42-957b-7dfb18085d8e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g**f% ]Ɋ& ?!Xf% F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2c5cb8e0-5c4d-4a42-957b-7dfb18085d8e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**f% ]Ɋ& ;!Xf% F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2c5cb8e0-5c4d-4a42-957b-7dfb18085d8e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**f% ]Ɋ& 3!Xf% F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2c5cb8e0-5c4d-4a42-957b-7dfb18085d8e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=p**f% ]Ɋ& 3!Xf% F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2c5cb8e0-5c4d-4a42-957b-7dfb18085d8e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**f% ]Ɋ& 5!Xf% F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2c5cb8e0-5c4d-4a42-957b-7dfb18085d8e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l **0f% ]Ɋ& !f% F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2c5cb8e0-5c4d-4a42-957b-7dfb18085d8e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=8f23ce8d-4cef-4659-9d45-408650fee690 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=la0**@!% ]Ɋ& !!% F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2c5cb8e0-5c4d-4a42-957b-7dfb18085d8e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=8f23ce8d-4cef-4659-9d45-408650fee690 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng -@**.g ]Ɋ& )!X.g F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=853ee1ed-503b-4d41-b166-bc5db19977a4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e -N**.g ]Ɋ& A!X.g F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=853ee1ed-503b-4d41-b166-bc5db19977a4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eb-b**.g ]Ɋ& =!X.g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=853ee1ed-503b-4d41-b166-bc5db19977a4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**.g ]Ɋ& 5!X.g F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=853ee1ed-503b-4d41-b166-bc5db19977a4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**.g ]Ɋ& 5!X.g F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=853ee1ed-503b-4d41-b166-bc5db19977a4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**.g ]Ɋ& 7!X.g F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=853ee1ed-503b-4d41-b166-bc5db19977a4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s**0.g ]Ɋ& !.g F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=853ee1ed-503b-4d41-b166-bc5db19977a4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f34e0108-9083-4bb1-a3a1-aab3adb15788 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d0**@ ]Ɋ& ! F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=853ee1ed-503b-4d41-b166-bc5db19977a4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f34e0108-9083-4bb1-a3a1-aab3adb15788 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pel@**X[ ]Ɋ& !X[ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1bd24fb5-c7bf-47d5-a908-7944f1d87d74 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RX**p[ ]Ɋ& !X[ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1bd24fb5-c7bf-47d5-a908-7944f1d87d74 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ersp**h[ ]Ɋ& !X[ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1bd24fb5-c7bf-47d5-a908-7944f1d87d74 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ph**`[ ]Ɋ& !X[ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1bd24fb5-c7bf-47d5-a908-7944f1d87d74 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P`**`[ ]Ɋ& !X[ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1bd24fb5-c7bf-47d5-a908-7944f1d87d74 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**h[ ]Ɋ& !X[ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1bd24fb5-c7bf-47d5-a908-7944f1d87d74 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== h**[ ]Ɋ&  ![ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1bd24fb5-c7bf-47d5-a908-7944f1d87d74 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=03df03b9-f9a7-4432-89d8-cedf92c77799 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Line**[ ]Ɋ& ![ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1bd24fb5-c7bf-47d5-a908-7944f1d87d74 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=03df03b9-f9a7-4432-89d8-cedf92c77799 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=:**8[ ]Ɋ& !X[ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c5f02aed-f8c7-4a56-8625-e7b145c28953 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pt8**P[ ]Ɋ& !X[ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c5f02aed-f8c7-4a56-8625-e7b145c28953 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ipP**P[ ]Ɋ& !X[ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c5f02aed-f8c7-4a56-8625-e7b145c28953 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=CommP**H[ ]Ɋ& !X[ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c5f02aed-f8c7-4a56-8625-e7b145c28953 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CH**H[ ]Ɋ& !X[ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c5f02aed-f8c7-4a56-8625-e7b145c28953 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= PipH**H[ ]Ɋ& !X[ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c5f02aed-f8c7-4a56-8625-e7b145c28953 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nspH**[ ]Ɋ& ![ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c5f02aed-f8c7-4a56-8625-e7b145c28953 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7cb841e5-75df-4dff-9d1b-ae2d1a61378c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm**[ ]Ɋ& ![ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c5f02aed-f8c7-4a56-8625-e7b145c28953 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7cb841e5-75df-4dff-9d1b-ae2d1a61378c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**X0 ]Ɋ& !X0 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9ca4622e-d6a4-4107-a8d3-d9873161b5aa HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceIdX**p0 ]Ɋ& !X0 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9ca4622e-d6a4-4107-a8d3-d9873161b5aa HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=obalp**h0 ]Ɋ& !X0 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9ca4622e-d6a4-4107-a8d3-d9873161b5aa HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=x h**`0 ]Ɋ& !X0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9ca4622e-d6a4-4107-a8d3-d9873161b5aa HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on`**`0 ]Ɋ& !X0 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9ca4622e-d6a4-4107-a8d3-d9873161b5aa HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`0 ]Ɋ& !X0 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9ca4622e-d6a4-4107-a8d3-d9873161b5aa HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**0 ]Ɋ& !0 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9ca4622e-d6a4-4107-a8d3-d9873161b5aa HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=23d63fb0-cbbc-47c6-85de-86eb500a7e97 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**0 ]Ɋ& !0 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9ca4622e-d6a4-4107-a8d3-d9873161b5aa HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=23d63fb0-cbbc-47c6-85de-86eb500a7e97 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= EnneVersion=  ]Ɋ& maX0 F&ndPath= CommandLine=8F& ElfChnk rm:Mu=VysMc&&**0 0 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X0 F&F%g>9{p(xlMD EventDatauoData !Binary\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=84c77f85-438d-45da-a60c-530dfd25a1ae HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0 **@0 ]Ɋ& !X0 F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=84c77f85-438d-45da-a60c-530dfd25a1ae HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P@**@0 ]Ɋ& !X0 F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=84c77f85-438d-45da-a60c-530dfd25a1ae HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lue@**80 ]Ɋ& !X0 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=84c77f85-438d-45da-a60c-530dfd25a1ae HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndo8**80 ]Ɋ& !X0 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=84c77f85-438d-45da-a60c-530dfd25a1ae HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8 8**80 ]Ɋ& !X0 F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=84c77f85-438d-45da-a60c-530dfd25a1ae HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er8**0 ]Ɋ& !0 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=84c77f85-438d-45da-a60c-530dfd25a1ae HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b8fed32c-c1ae-4e2d-a34c-802b73ad7d6f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]θ**ɻ ]Ɋ& !ɻ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=84c77f85-438d-45da-a60c-530dfd25a1ae HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b8fed32c-c1ae-4e2d-a34c-802b73ad7d6f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cd0727f7-40db-4f7f-bf6d-f4954525cf29 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pX**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cd0727f7-40db-4f7f-bf6d-f4954525cf29 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**p ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cd0727f7-40db-4f7f-bf6d-f4954525cf29 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rinp**h ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cd0727f7-40db-4f7f-bf6d-f4954525cf29 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**h ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cd0727f7-40db-4f7f-bf6d-f4954525cf29 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ipth**h ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cd0727f7-40db-4f7f-bf6d-f4954525cf29 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h** ]Ɋ&  ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cd0727f7-40db-4f7f-bf6d-f4954525cf29 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=68ffd56d-fa0e-4321-9876-04e590c1e764 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eg**K ]Ɋ& !K F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cd0727f7-40db-4f7f-bf6d-f4954525cf29 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=68ffd56d-fa0e-4321-9876-04e590c1e764 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8e0-**+ ]Ɋ& '!X+ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=da3bdc51-abe3-4cec-bac3-923b0c8f47f8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**+ ]Ɋ& ?!X+ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=da3bdc51-abe3-4cec-bac3-923b0c8f47f8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**+ ]Ɋ& ;!X+ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=da3bdc51-abe3-4cec-bac3-923b0c8f47f8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d **+ ]Ɋ& 3!X+ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=da3bdc51-abe3-4cec-bac3-923b0c8f47f8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=neI**+ ]Ɋ& 3!X+ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=da3bdc51-abe3-4cec-bac3-923b0c8f47f8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **+ ]Ɋ& 5!X+ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=da3bdc51-abe3-4cec-bac3-923b0c8f47f8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma**0+ ]Ɋ& !+ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=da3bdc51-abe3-4cec-bac3-923b0c8f47f8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=7847c1f6-879b-437e-9f5d-6b0137f6353e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=si0**@xľ ]Ɋ& !xľ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=da3bdc51-abe3-4cec-bac3-923b0c8f47f8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=7847c1f6-879b-437e-9f5d-6b0137f6353e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand@**Q[Ե ]Ɋ& )!XQ[Ե F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3d8e8b7f-ebc5-4197-9440-baf897362d1e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eng**Q[Ե ]Ɋ& A!XQ[Ե F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3d8e8b7f-ebc5-4197-9440-baf897362d1e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oduc**Q[Ե ]Ɋ& =!XQ[Ե F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3d8e8b7f-ebc5-4197-9440-baf897362d1e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mI**Q[Ե ]Ɋ& 5!XQ[Ե F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3d8e8b7f-ebc5-4197-9440-baf897362d1e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-c**Q[Ե ]Ɋ& 5!XQ[Ե F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3d8e8b7f-ebc5-4197-9440-baf897362d1e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=**Q[Ե ]Ɋ& 7!XQ[Ե F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3d8e8b7f-ebc5-4197-9440-baf897362d1e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v**0Q[Ե ]Ɋ& !Q[Ե F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3d8e8b7f-ebc5-4197-9440-baf897362d1e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bee2bda7-077e-4bd1-8fc7-f72f33662144 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@Ե ]Ɋ& !Ե F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3d8e8b7f-ebc5-4197-9440-baf897362d1e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bee2bda7-077e-4bd1-8fc7-f72f33662144 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**X~Ե ]Ɋ& !X~Ե F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=add5b39a-3e4a-412b-b6a8-013328bc6b1a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= X**p~Ե ]Ɋ& !X~Ե F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=add5b39a-3e4a-412b-b6a8-013328bc6b1a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h~Ե ]Ɋ& !X~Ե F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=add5b39a-3e4a-412b-b6a8-013328bc6b1a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`~Ե ]Ɋ& !X~Ե F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=add5b39a-3e4a-412b-b6a8-013328bc6b1a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`~Ե ]Ɋ& !X~Ե F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=add5b39a-3e4a-412b-b6a8-013328bc6b1a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h~Ե ]Ɋ& !X~Ե F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=add5b39a-3e4a-412b-b6a8-013328bc6b1a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**~Ե ]Ɋ&  !~Ե F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=add5b39a-3e4a-412b-b6a8-013328bc6b1a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=037a0cbd-dbbf-4251-ac56-a8f0364b4515 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=None**~Ե ]Ɋ& !~Ե F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=add5b39a-3e4a-412b-b6a8-013328bc6b1a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=037a0cbd-dbbf-4251-ac56-a8f0364b4515 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=**8~Ե ]Ɋ& !X~Ե F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c31d5f3b-aad5-43a6-ac02-5a3307eb2a68 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P~Ե ]Ɋ& !X~Ե F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c31d5f3b-aad5-43a6-ac02-5a3307eb2a68 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P~Ե ]Ɋ& !X~Ե F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c31d5f3b-aad5-43a6-ac02-5a3307eb2a68 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**H~Ե ]Ɋ& !X~Ե F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c31d5f3b-aad5-43a6-ac02-5a3307eb2a68 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H ~Ե ]Ɋ& !X~Ե  F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c31d5f3b-aad5-43a6-ac02-5a3307eb2a68 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H ~Ե ]Ɋ& !X~Ե  F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c31d5f3b-aad5-43a6-ac02-5a3307eb2a68 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&H** ~Ե ]Ɋ& !~Ե  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c31d5f3b-aad5-43a6-ac02-5a3307eb2a68 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8af1d73c-06b4-4bb0-8ae5-651e3fb47f12 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** ~Ե ]Ɋ& !~Ե  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c31d5f3b-aad5-43a6-ac02-5a3307eb2a68 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8af1d73c-06b4-4bb0-8ae5-651e3fb47f12 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X %Ե ]Ɋ& !X%Ե  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=08fd9317-6714-45cf-bf35-d858e8b894f1 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mandXne= En ]Ɋ& X%Ե F& F&ndPath= CommandLine=8F& ElfChnk>>@ATpтMu=VysMc&&**p%Ե ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! Q!X%Ե F&F%g>9{p(xlMD EventDatauoData !BinaryEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=08fd9317-6714-45cf-bf35-d858e8b894f1 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ip**h%Ե ]Ɋ& !X%Ե F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=08fd9317-6714-45cf-bf35-d858e8b894f1 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o]h**`%Ե ]Ɋ& !X%Ե F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=08fd9317-6714-45cf-bf35-d858e8b894f1 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=st`**`%Ե ]Ɋ& !X%Ե F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=08fd9317-6714-45cf-bf35-d858e8b894f1 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7f`**`%Ե ]Ɋ& !X%Ե F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=08fd9317-6714-45cf-bf35-d858e8b894f1 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**%Ե ]Ɋ& !%Ե F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=08fd9317-6714-45cf-bf35-d858e8b894f1 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5ce3cf13-127e-480a-adcc-f1a7f36afc7c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**%Ե ]Ɋ& !%Ե F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=08fd9317-6714-45cf-bf35-d858e8b894f1 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5ce3cf13-127e-480a-adcc-f1a7f36afc7c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(%Ե ]Ɋ& !X%Ե F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1a21222d-67d4-4d7a-9e21-c60f7e28f86a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N(**@%Ե ]Ɋ& !X%Ե F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1a21222d-67d4-4d7a-9e21-c60f7e28f86a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=I@**@%Ե ]Ɋ& !X%Ե F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1a21222d-67d4-4d7a-9e21-c60f7e28f86a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sys@**8%Ե ]Ɋ& !X%Ե F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1a21222d-67d4-4d7a-9e21-c60f7e28f86a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rre8**8%Ե ]Ɋ& !X%Ե F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1a21222d-67d4-4d7a-9e21-c60f7e28f86a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=App8**8%Ե ]Ɋ& !X%Ե F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1a21222d-67d4-4d7a-9e21-c60f7e28f86a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=un8**Ե ]Ɋ& !Ե F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1a21222d-67d4-4d7a-9e21-c60f7e28f86a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=c5e911b0-4060-4105-ae0b-a051de4c878d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&**AVԵ ]Ɋ& !AVԵ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1a21222d-67d4-4d7a-9e21-c60f7e28f86a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=c5e911b0-4060-4105-ae0b-a051de4c878d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=line**XԵ ]Ɋ& !XԵ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=65cdd799-0c61-4e76-b5e2-0186769f081d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pԵ ]Ɋ& !XԵ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=65cdd799-0c61-4e76-b5e2-0186769f081d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8p**pԵ ]Ɋ& !XԵ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=65cdd799-0c61-4e76-b5e2-0186769f081d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dthp**h Ե ]Ɋ& !XԵ  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=65cdd799-0c61-4e76-b5e2-0186769f081d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=aceh**h!Ե ]Ɋ& !XԵ! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=65cdd799-0c61-4e76-b5e2-0186769f081d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**h"Ե ]Ɋ& !XԵ" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=65cdd799-0c61-4e76-b5e2-0186769f081d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**#nԵ ]Ɋ&  !nԵ# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=65cdd799-0c61-4e76-b5e2-0186769f081d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=dbcea947-05b9-4b4f-9657-376635db4878 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **$nԵ ]Ɋ& !nԵ$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=65cdd799-0c61-4e76-b5e2-0186769f081d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=dbcea947-05b9-4b4f-9657-376635db4878 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-4ce**% Ե ]Ɋ& '!X Ե% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=93076c31-e123-4a0c-9380-24fd7d29aec0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1**& Ե ]Ɋ& ?!X Ե& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=93076c31-e123-4a0c-9380-24fd7d29aec0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**' Ե ]Ɋ& ;!X Ե' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=93076c31-e123-4a0c-9380-24fd7d29aec0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=que**( Ե ]Ɋ& 3!X Ե( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=93076c31-e123-4a0c-9380-24fd7d29aec0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Com**) Ե ]Ɋ& 3!X Ե) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=93076c31-e123-4a0c-9380-24fd7d29aec0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=enc*** Ե ]Ɋ& 5!X Ե* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=93076c31-e123-4a0c-9380-24fd7d29aec0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **0+ Ե ]Ɋ& ! Ե+ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=93076c31-e123-4a0c-9380-24fd7d29aec0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=eb6bbd91-d0cf-478e-9f45-31f3d48df448 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@,Ե ]Ɋ& !Ե, F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=93076c31-e123-4a0c-9380-24fd7d29aec0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=eb6bbd91-d0cf-478e-9f45-31f3d48df448 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== @**-t,M8 ]Ɋ& )!Xt,M8- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ed9f833a-9187-48b8-8091-2aef79756c27 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ersi**.t,M8 ]Ɋ& A!Xt,M8. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ed9f833a-9187-48b8-8091-2aef79756c27 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl d**/t,M8 ]Ɋ& =!Xt,M8/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ed9f833a-9187-48b8-8091-2aef79756c27 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **0t,M8 ]Ɋ& 5!Xt,M80 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ed9f833a-9187-48b8-8091-2aef79756c27 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2b**1t,M8 ]Ɋ& 5!Xt,M81 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ed9f833a-9187-48b8-8091-2aef79756c27 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**2t,M8 ]Ɋ& 7!Xt,M82 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ed9f833a-9187-48b8-8091-2aef79756c27 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**03t,M8 ]Ɋ& !t,M83 F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ed9f833a-9187-48b8-8091-2aef79756c27 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7d3e264c-5d3d-49fe-9feb-4640433cab94 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v0**@4 M8 ]Ɋ& ! M84 F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ed9f833a-9187-48b8-8091-2aef79756c27 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7d3e264c-5d3d-49fe-9feb-4640433cab94 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**X5 M8 ]Ɋ& !X M85 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3235abf4-f44e-408d-8db9-e26350c8a859 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manX**p6 M8 ]Ɋ& !X M86 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3235abf4-f44e-408d-8db9-e26350c8a859 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h7 M8 ]Ɋ& !X M87 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3235abf4-f44e-408d-8db9-e26350c8a859 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`8 M8 ]Ɋ& !X M88 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3235abf4-f44e-408d-8db9-e26350c8a859 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`9 M8 ]Ɋ& !X M89 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3235abf4-f44e-408d-8db9-e26350c8a859 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h: M8 ]Ɋ& !X M8: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3235abf4-f44e-408d-8db9-e26350c8a859 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!h**; M8 ]Ɋ&  ! M8; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3235abf4-f44e-408d-8db9-e26350c8a859 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f993df85-141b-406b-a84b-00ea77500c46 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wEng**<]N8 ]Ɋ& !]N8< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3235abf4-f44e-408d-8db9-e26350c8a859 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f993df85-141b-406b-a84b-00ea77500c46 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d **8=]N8 ]Ɋ& !X]N8= F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=423ae214-6979-45df-a310-8dbbbbf67139 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=F8**P>]N8 ]Ɋ& !X]N8> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=423ae214-6979-45df-a310-8dbbbbf67139 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=PF& F&ndPath= CommandLine=8F& ElfChnk?o?o Z|~[Mu=VysMc&&**P?]N8 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! 1!X]N8? F&F%g>9{p(xlMD EventDatauoData !Binary~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=423ae214-6979-45df-a310-8dbbbbf67139 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=CP**H@]N8 ]Ɋ& !X]N8@ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=423ae214-6979-45df-a310-8dbbbbf67139 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CH**HA]N8 ]Ɋ& !X]N8A F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=423ae214-6979-45df-a310-8dbbbbf67139 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ScrH**HB]N8 ]Ɋ& !X]N8B F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=423ae214-6979-45df-a310-8dbbbbf67139 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manH**C]N8 ]Ɋ& !]N8C F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=423ae214-6979-45df-a310-8dbbbbf67139 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=089b9c67-8460-44e5-9c16-f8b175e57e6c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm**D]N8 ]Ɋ& !]N8D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=423ae214-6979-45df-a310-8dbbbbf67139 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=089b9c67-8460-44e5-9c16-f8b175e57e6c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**XE]N8 ]Ɋ& !X]N8E F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d3a01aef-ad7a-47e0-89da-beddac7d0732 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=PipeX**pF]N8 ]Ɋ& !X]N8F F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d3a01aef-ad7a-47e0-89da-beddac7d0732 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-US'p**hG]N8 ]Ɋ& !X]N8G F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d3a01aef-ad7a-47e0-89da-beddac7d0732 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=:Ph**`H]N8 ]Ɋ& !X]N8H F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d3a01aef-ad7a-47e0-89da-beddac7d0732 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7e`**`I]N8 ]Ɋ& !X]N8I F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d3a01aef-ad7a-47e0-89da-beddac7d0732 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ta`**`J]N8 ]Ɋ& !X]N8J F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d3a01aef-ad7a-47e0-89da-beddac7d0732 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**K]N8 ]Ɋ& !]N8K F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d3a01aef-ad7a-47e0-89da-beddac7d0732 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e1ace1cc-7699-470b-94d3-94b87491218b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**L]N8 ]Ɋ& !]N8L F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d3a01aef-ad7a-47e0-89da-beddac7d0732 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e1ace1cc-7699-470b-94d3-94b87491218b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C**(M8N8 ]Ɋ& !X8N8M F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9ada514b-ae4c-4b3b-a4b2-dcce2c02c3cf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1(**@N8N8 ]Ɋ& !X8N8N F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9ada514b-ae4c-4b3b-a4b2-dcce2c02c3cf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@O8N8 ]Ɋ& !X8N8O F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9ada514b-ae4c-4b3b-a4b2-dcce2c02c3cf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l='@**8P8N8 ]Ɋ& !X8N8P F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9ada514b-ae4c-4b3b-a4b2-dcce2c02c3cf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Win8**8Q8N8 ]Ɋ& !X8N8Q F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9ada514b-ae4c-4b3b-a4b2-dcce2c02c3cf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=C8**8R8N8 ]Ɋ& !X8N8R F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9ada514b-ae4c-4b3b-a4b2-dcce2c02c3cf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**S8N8 ]Ɋ& !8N8S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9ada514b-ae4c-4b3b-a4b2-dcce2c02c3cf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ab18e7b9-1d3a-4be0-8561-8d3ba74406ca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **TΎO8 ]Ɋ& !ΎO8T F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9ada514b-ae4c-4b3b-a4b2-dcce2c02c3cf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ab18e7b9-1d3a-4be0-8561-8d3ba74406ca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=)))}**XUP8 ]Ɋ& !XP8U F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d5e16501-56f1-4313-aa15-1d903c109541 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**pVP8 ]Ɋ& !XP8V F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d5e16501-56f1-4313-aa15-1d903c109541 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Up**pWP8 ]Ɋ& !XP8W F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d5e16501-56f1-4313-aa15-1d903c109541 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=balp**hXP8 ]Ɋ& !XP8X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d5e16501-56f1-4313-aa15-1d903c109541 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-Sh**hYP8 ]Ɋ& !XP8Y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d5e16501-56f1-4313-aa15-1d903c109541 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ginh**hZP8 ]Ɋ& !XP8Z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d5e16501-56f1-4313-aa15-1d903c109541 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=peh**[P8 ]Ɋ&  !P8[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d5e16501-56f1-4313-aa15-1d903c109541 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fca33b68-1398-46d8-ad8b-1015b585ee0f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**\P8 ]Ɋ& !P8\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d5e16501-56f1-4313-aa15-1d903c109541 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fca33b68-1398-46d8-ad8b-1015b585ee0f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Seq**]XQ8 ]Ɋ& '!XXQ8] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ccc4ca57-7000-4a94-846f-cad052763b1c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**^XQ8 ]Ɋ& ?!XXQ8^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ccc4ca57-7000-4a94-846f-cad052763b1c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**_XQ8 ]Ɋ& ;!XXQ8_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ccc4ca57-7000-4a94-846f-cad052763b1c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**`XQ8 ]Ɋ& 3!XXQ8` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ccc4ca57-7000-4a94-846f-cad052763b1c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, **aXQ8 ]Ɋ& 3!XXQ8a F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ccc4ca57-7000-4a94-846f-cad052763b1c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**bXQ8 ]Ɋ& 5!XXQ8b F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ccc4ca57-7000-4a94-846f-cad052763b1c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| **0cXQ8 ]Ɋ& !XQ8c F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ccc4ca57-7000-4a94-846f-cad052763b1c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a412c4ac-44d5-40d7-96e6-ed591d238bc3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ou0**@d(Q8 ]Ɋ& !(Q8d F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ccc4ca57-7000-4a94-846f-cad052763b1c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a412c4ac-44d5-40d7-96e6-ed591d238bc3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceId@**e% ]Ɋ& )!X%e F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=17a7a6d1-964d-41de-a32c-263ee4ca99f0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ant**f% ]Ɋ& A!X%f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=17a7a6d1-964d-41de-a32c-263ee4ca99f0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=shel**g% ]Ɋ& =!X%g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=17a7a6d1-964d-41de-a32c-263ee4ca99f0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI**h% ]Ɋ& 5!X%h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=17a7a6d1-964d-41de-a32c-263ee4ca99f0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eq**i% ]Ɋ& 5!X%i F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=17a7a6d1-964d-41de-a32c-263ee4ca99f0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**j% ]Ɋ& 7!X%j F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=17a7a6d1-964d-41de-a32c-263ee4ca99f0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0k% ]Ɋ& !%k F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=17a7a6d1-964d-41de-a32c-263ee4ca99f0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=47aefc61-97e8-445b-8445-acf10a533b48 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@lxn& ]Ɋ& !xn&l F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=17a7a6d1-964d-41de-a32c-263ee4ca99f0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=47aefc61-97e8-445b-8445-acf10a533b48 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rip@**Xm;8( ]Ɋ& !X;8(m F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2072f689-4e13-4f96-bfec-f02ee5d52ca2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=00cX**pn;8( ]Ɋ& !X;8(n F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2072f689-4e13-4f96-bfec-f02ee5d52ca2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNap**ho;8( ]Ɋ& !X;8(o F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2072f689-4e13-4f96-bfec-f02ee5d52ca2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nhype= Scrip ]Ɋ& X;8(p F&dLine=8F& ElfChnkpp(_NTJoMu=VysMc&&**hp;8( ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! G!X;8(p F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2072f689-4e13-4f96-bfec-f02ee5d52ca2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Nh**`q;8( ]Ɋ& !X;8(q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2072f689-4e13-4f96-bfec-f02ee5d52ca2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hr;8( ]Ɋ& !X;8(r F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2072f689-4e13-4f96-bfec-f02ee5d52ca2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**s;8( ]Ɋ&  !;8(s F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2072f689-4e13-4f96-bfec-f02ee5d52ca2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8ee7a3fd-6479-46f6-81f7-c640cb19dff3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**t;8( ]Ɋ& !;8(t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2072f689-4e13-4f96-bfec-f02ee5d52ca2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8ee7a3fd-6479-46f6-81f7-c640cb19dff3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**8u;8( ]Ɋ& !X;8(u F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dc3fb44a-141d-4954-a781-d58ed0e9bc87 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**Pv;8( ]Ɋ& !X;8(v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dc3fb44a-141d-4954-a781-d58ed0e9bc87 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Pw;8( ]Ɋ& !X;8(w F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dc3fb44a-141d-4954-a781-d58ed0e9bc87 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Hx;8( ]Ɋ& !X;8(x F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dc3fb44a-141d-4954-a781-d58ed0e9bc87 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Hy;8( ]Ɋ& !X;8(y F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dc3fb44a-141d-4954-a781-d58ed0e9bc87 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Hz;8( ]Ɋ& !X;8(z F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dc3fb44a-141d-4954-a781-d58ed0e9bc87 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**H**{;8( ]Ɋ& !;8({ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dc3fb44a-141d-4954-a781-d58ed0e9bc87 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bb5bf666-e55d-410d-9629-cdeaafc929af PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**|;8( ]Ɋ& !;8(| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dc3fb44a-141d-4954-a781-d58ed0e9bc87 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bb5bf666-e55d-410d-9629-cdeaafc929af PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X}( ]Ɋ& !X(} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8fdff679-ac12-4c13-b024-3fa47aa2bddb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmanX**p~( ]Ɋ& !X(~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8fdff679-ac12-4c13-b024-3fa47aa2bddb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ep**h( ]Ɋ& !X( F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8fdff679-ac12-4c13-b024-3fa47aa2bddb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Glh**`( ]Ɋ& !X( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8fdff679-ac12-4c13-b024-3fa47aa2bddb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-H`**`( ]Ɋ& !X( F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8fdff679-ac12-4c13-b024-3fa47aa2bddb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er`**`( ]Ɋ& !X( F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8fdff679-ac12-4c13-b024-3fa47aa2bddb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t`**( ]Ɋ& !( F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8fdff679-ac12-4c13-b024-3fa47aa2bddb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ff9358b2-0510-49db-b6ed-8ec00b1c2442 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**( ]Ɋ& !( F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8fdff679-ac12-4c13-b024-3fa47aa2bddb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ff9358b2-0510-49db-b6ed-8ec00b1c2442 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co**(( ]Ɋ& !X( F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f8486f35-30bb-463f-888b-15deb3dc0e5f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@( ]Ɋ& !X( F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f8486f35-30bb-463f-888b-15deb3dc0e5f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-@**@( ]Ɋ& !X( F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f8486f35-30bb-463f-888b-15deb3dc0e5f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ins@**8( ]Ɋ& !X( F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f8486f35-30bb-463f-888b-15deb3dc0e5f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ode8**8( ]Ɋ& !X( F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f8486f35-30bb-463f-888b-15deb3dc0e5f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=aa18**8( ]Ɋ& !X( F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f8486f35-30bb-463f-888b-15deb3dc0e5f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S8**( ]Ɋ& !( F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f8486f35-30bb-463f-888b-15deb3dc0e5f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=901d8752-84ff-4c36-a3da-ababfa11f454 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**hi) ]Ɋ& !hi) F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f8486f35-30bb-463f-888b-15deb3dc0e5f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=901d8752-84ff-4c36-a3da-ababfa11f454 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on= **X* ]Ɋ& !X* F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5369425f-f6cd-4f16-b61a-4d187b26a2f8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**p* ]Ɋ& !X* F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5369425f-f6cd-4f16-b61a-4d187b26a2f8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rp**p* ]Ɋ& !X* F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5369425f-f6cd-4f16-b61a-4d187b26a2f8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tedp**h* ]Ɋ& !X* F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5369425f-f6cd-4f16-b61a-4d187b26a2f8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eh**h* ]Ɋ& !X* F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5369425f-f6cd-4f16-b61a-4d187b26a2f8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmah**h* ]Ɋ& !X* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5369425f-f6cd-4f16-b61a-4d187b26a2f8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h*** ]Ɋ&  !* F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5369425f-f6cd-4f16-b61a-4d187b26a2f8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7e8d32b5-c3cf-40b9-9f2a-e0c25678f20b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **,3+ ]Ɋ& !,3+ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5369425f-f6cd-4f16-b61a-4d187b26a2f8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7e8d32b5-c3cf-40b9-9f2a-e0c25678f20b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 **,3+ ]Ɋ& '!X,3+ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ee908bcc-9a6a-4a75-a1b5-f3afcf21175b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**,3+ ]Ɋ& ?!X,3+ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ee908bcc-9a6a-4a75-a1b5-f3afcf21175b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b**,3+ ]Ɋ& ;!X,3+ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ee908bcc-9a6a-4a75-a1b5-f3afcf21175b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ide**,3+ ]Ɋ& 3!X,3+ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ee908bcc-9a6a-4a75-a1b5-f3afcf21175b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pac**,3+ ]Ɋ& 3!X,3+ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ee908bcc-9a6a-4a75-a1b5-f3afcf21175b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erS**,3+ ]Ɋ& 5!X,3+ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ee908bcc-9a6a-4a75-a1b5-f3afcf21175b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ip**0,3+ ]Ɋ& !,3+ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ee908bcc-9a6a-4a75-a1b5-f3afcf21175b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a1a7c764-afb1-438c-8717-97dae7afe1d2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=le0**@+ ]Ɋ& !+ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ee908bcc-9a6a-4a75-a1b5-f3afcf21175b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a1a7c764-afb1-438c-8717-97dae7afe1d2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mman@**PN ]Ɋ& )!XPN F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9d77c3b3-966a-45f4-a538-a6bc5772b1d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g -w**PN ]Ɋ& A!XPN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9d77c3b3-966a-45f4-a538-a6bc5772b1d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**PN ]Ɋ& =!XPN F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9d77c3b3-966a-45f4-a538-a6bc5772b1d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=owshell Get-Ci ]Ɋ& sNXPN F&playName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nhype= Scrip ]Ɋ& X;8(p F&dLine=8F& ElfChnkp i-Mu=VysMc&&**PN ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !XPN F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9d77c3b3-966a-45f4-a538-a6bc5772b1d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **PN ]Ɋ& 5!XPN F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9d77c3b3-966a-45f4-a538-a6bc5772b1d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 6**PN ]Ɋ& 7!XPN F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9d77c3b3-966a-45f4-a538-a6bc5772b1d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**0PN ]Ɋ& !PN F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9d77c3b3-966a-45f4-a538-a6bc5772b1d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=33eec987-3e71-433a-9982-fd8f66f21738 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@N ]Ɋ& !N F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9d77c3b3-966a-45f4-a538-a6bc5772b1d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=33eec987-3e71-433a-9982-fd8f66f21738 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=52c@**XN ]Ɋ& !XN F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4e32e5ca-7f44-4851-935b-e21c9f7b3fd5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=HosX**pN ]Ɋ& !XN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4e32e5ca-7f44-4851-935b-e21c9f7b3fd5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=141p**hN ]Ɋ& !XN F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4e32e5ca-7f44-4851-935b-e21c9f7b3fd5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5h**`N ]Ɋ& !XN F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4e32e5ca-7f44-4851-935b-e21c9f7b3fd5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`N ]Ɋ& !XN F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4e32e5ca-7f44-4851-935b-e21c9f7b3fd5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a`**hN ]Ɋ& !XN F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4e32e5ca-7f44-4851-935b-e21c9f7b3fd5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=hellh**N ]Ɋ&  !N F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4e32e5ca-7f44-4851-935b-e21c9f7b3fd5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7762881f-9eca-4fa2-9d51-49a964bb3537 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rusS**N ]Ɋ& !N F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4e32e5ca-7f44-4851-935b-e21c9f7b3fd5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7762881f-9eca-4fa2-9d51-49a964bb3537 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Up**8}6O ]Ɋ& !X}6O F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e6cc4588-191d-4f5c-a0f9-6b9a5078ee71 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t\8**P}6O ]Ɋ& !X}6O F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e6cc4588-191d-4f5c-a0f9-6b9a5078ee71 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t P**P}6O ]Ɋ& !X}6O F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e6cc4588-191d-4f5c-a0f9-6b9a5078ee71 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ell P**H}6O ]Ɋ& !X}6O F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e6cc4588-191d-4f5c-a0f9-6b9a5078ee71 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tionH**H}6O ]Ɋ& !X}6O F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e6cc4588-191d-4f5c-a0f9-6b9a5078ee71 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HosH**H}6O ]Ɋ& !X}6O F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e6cc4588-191d-4f5c-a0f9-6b9a5078ee71 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a47H**}6O ]Ɋ& !}6O F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e6cc4588-191d-4f5c-a0f9-6b9a5078ee71 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=490a8a1c-e498-4046-aede-93b57adc0611 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=p**}6O ]Ɋ& !}6O F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e6cc4588-191d-4f5c-a0f9-6b9a5078ee71 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=490a8a1c-e498-4046-aede-93b57adc0611 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s**X}6O ]Ɋ& !X}6O F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ef12dc4e-4590-407f-bb56-cf7d1346d174 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f848X**p}6O ]Ɋ& !X}6O F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ef12dc4e-4590-407f-bb56-cf7d1346d174 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ent p**h}6O ]Ɋ& !X}6O F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ef12dc4e-4590-407f-bb56-cf7d1346d174 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`}6O ]Ɋ& !X}6O F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ef12dc4e-4590-407f-bb56-cf7d1346d174 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Co`**`}6O ]Ɋ& !X}6O F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ef12dc4e-4590-407f-bb56-cf7d1346d174 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-U`**`}6O ]Ɋ& !X}6O F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ef12dc4e-4590-407f-bb56-cf7d1346d174 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=:`**}6O ]Ɋ& !}6O F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ef12dc4e-4590-407f-bb56-cf7d1346d174 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f5813e74-8b69-421b-b9f7-1b1001ba7cd2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**}6O ]Ɋ& !}6O F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ef12dc4e-4590-407f-bb56-cf7d1346d174 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f5813e74-8b69-421b-b9f7-1b1001ba7cd2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f35**(O ]Ɋ& !XO F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=be0a823d-cafe-4768-bbf2-b03519bc2bd7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(**@O ]Ɋ& !XO F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=be0a823d-cafe-4768-bbf2-b03519bc2bd7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t@**@O ]Ɋ& !XO F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=be0a823d-cafe-4768-bbf2-b03519bc2bd7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**8O ]Ɋ& !XO F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=be0a823d-cafe-4768-bbf2-b03519bc2bd7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Str8**8O ]Ɋ& !XO F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=be0a823d-cafe-4768-bbf2-b03519bc2bd7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=';e8**8O ]Ɋ& !XO F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=be0a823d-cafe-4768-bbf2-b03519bc2bd7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io8**O ]Ɋ& !O F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=be0a823d-cafe-4768-bbf2-b03519bc2bd7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=8d923107-a690-4bef-a4b2-89f88ae9d92d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=61**gP ]Ɋ& !gP F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=be0a823d-cafe-4768-bbf2-b03519bc2bd7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=8d923107-a690-4bef-a4b2-89f88ae9d92d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tate**XAQ ]Ɋ& !XAQ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2dc0f45e-c06b-424c-afd4-d6608348997f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uX**pAQ ]Ɋ& !XAQ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2dc0f45e-c06b-424c-afd4-d6608348997f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ap**pAQ ]Ɋ& !XAQ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2dc0f45e-c06b-424c-afd4-d6608348997f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hAQ ]Ɋ& !XAQ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2dc0f45e-c06b-424c-afd4-d6608348997f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt h**hAQ ]Ɋ& !XAQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2dc0f45e-c06b-424c-afd4-d6608348997f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nsoh**hAQ ]Ɋ& !XAQ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2dc0f45e-c06b-424c-afd4-d6608348997f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=17h**AQ ]Ɋ&  !AQ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2dc0f45e-c06b-424c-afd4-d6608348997f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=be2430d8-d1eb-48c3-b615-cb79a55ec5c2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**טQ ]Ɋ& !טQ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2dc0f45e-c06b-424c-afd4-d6608348997f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=be2430d8-d1eb-48c3-b615-cb79a55ec5c2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=alue**n1R ]Ɋ& '!Xn1R F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=691f6047-6e8a-4bab-b2f7-a80465d15d81 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**n1R ]Ɋ& ?!Xn1R F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=691f6047-6e8a-4bab-b2f7-a80465d15d81 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**n1R ]Ɋ& ;!Xn1R F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=691f6047-6e8a-4bab-b2f7-a80465d15d81 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=neI**n1R ]Ɋ& 3!Xn1R F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=691f6047-6e8a-4bab-b2f7-a80465d15d81 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Staed Seque ]Ɋ& ioXn1R F&45f4-a538-a6bc5772b1d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=owshell Get-Ci ]Ɋ& sNXPN F&playName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nhype= Scrip ]Ɋ& X;8(p F&dLine=8F& ElfChnkHOq3$kMu=VysMc&&** n1R ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !Xn1R F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=691f6047-6e8a-4bab-b2f7-a80465d15d81 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **n1R ]Ɋ& 5!Xn1R F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=691f6047-6e8a-4bab-b2f7-a80465d15d81 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=PN**0n1R ]Ɋ& !n1R F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=691f6047-6e8a-4bab-b2f7-a80465d15d81 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=57eec88d-b13a-415c-a65c-936212924e3b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=530**@R ]Ɋ& !R F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=691f6047-6e8a-4bab-b2f7-a80465d15d81 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=57eec88d-b13a-415c-a65c-936212924e3b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co@**J ]Ɋ& )!XJ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8e9aed21-d397-48d0-bae0-2e8796e109ca HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on= **J ]Ɋ& A!XJ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8e9aed21-d397-48d0-bae0-2e8796e109ca HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=play**J ]Ɋ& =!XJ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8e9aed21-d397-48d0-bae0-2e8796e109ca HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= r**J ]Ɋ& 5!XJ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8e9aed21-d397-48d0-bae0-2e8796e109ca HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9f**J ]Ɋ& 5!XJ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8e9aed21-d397-48d0-bae0-2e8796e109ca HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ns**J ]Ɋ& 7!XJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8e9aed21-d397-48d0-bae0-2e8796e109ca HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b**0J ]Ɋ& !J F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8e9aed21-d397-48d0-bae0-2e8796e109ca HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d60a42a5-909f-4978-8fae-9208becc3c93 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@SJ ]Ɋ& !SJ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8e9aed21-d397-48d0-bae0-2e8796e109ca HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d60a42a5-909f-4978-8fae-9208becc3c93 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**@**X J ]Ɋ& !X J F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7c7321b1-14cb-425c-9175-0823ded31e20 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&X**p J ]Ɋ& !X J F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7c7321b1-14cb-425c-9175-0823ded31e20 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h J ]Ɋ& !X J F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7c7321b1-14cb-425c-9175-0823ded31e20 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**` J ]Ɋ& !X J F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7c7321b1-14cb-425c-9175-0823ded31e20 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**` J ]Ɋ& !X J F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7c7321b1-14cb-425c-9175-0823ded31e20 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=}`**h J ]Ɋ& !X J F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7c7321b1-14cb-425c-9175-0823ded31e20 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Fh** J ]Ɋ&  ! J F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7c7321b1-14cb-425c-9175-0823ded31e20 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=aa9ae3c5-fb3c-4a95-84f7-da880ce57c1d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oppe** J ]Ɋ& ! J F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7c7321b1-14cb-425c-9175-0823ded31e20 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=aa9ae3c5-fb3c-4a95-84f7-da880ce57c1d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=de**8 J ]Ɋ& !X J F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=252bdd9c-0497-4a3a-a055-437dc017bf56 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ro8**P J ]Ɋ& !X J F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=252bdd9c-0497-4a3a-a055-437dc017bf56 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=FP**P J ]Ɋ& !X J F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=252bdd9c-0497-4a3a-a055-437dc017bf56 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=OP**H J ]Ɋ& !X J F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=252bdd9c-0497-4a3a-a055-437dc017bf56 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!H**H J ]Ɋ& !X J F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=252bdd9c-0497-4a3a-a055-437dc017bf56 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H J ]Ɋ& !X J F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=252bdd9c-0497-4a3a-a055-437dc017bf56 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H** J ]Ɋ& ! J F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=252bdd9c-0497-4a3a-a055-437dc017bf56 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1ea9d858-c701-4fb4-8286-f293ef44bbbe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**J ]Ɋ& !J F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=252bdd9c-0497-4a3a-a055-437dc017bf56 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1ea9d858-c701-4fb4-8286-f293ef44bbbe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=O**XJ ]Ɋ& !XJ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d27f1919-f82d-4752-85e1-089ef9f97d88 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id= X**pJ ]Ɋ& !XJ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d27f1919-f82d-4752-85e1-089ef9f97d88 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tCulp**hJ ]Ɋ& !XJ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d27f1919-f82d-4752-85e1-089ef9f97d88 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=={h**`J ]Ɋ& !XJ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d27f1919-f82d-4752-85e1-089ef9f97d88 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=68`**`J ]Ɋ& !XJ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d27f1919-f82d-4752-85e1-089ef9f97d88 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=vi`**`J ]Ɋ& !XJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d27f1919-f82d-4752-85e1-089ef9f97d88 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**J ]Ɋ& !J F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d27f1919-f82d-4752-85e1-089ef9f97d88 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3978570c-a88b-4bd8-a099-e7bab6cd7c6d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**J ]Ɋ& !J F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d27f1919-f82d-4752-85e1-089ef9f97d88 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3978570c-a88b-4bd8-a099-e7bab6cd7c6d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==8d**(J ]Ɋ& !XJ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=da4b55d2-23fa-44de-a7c5-33a2ad790032 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e(**@J ]Ɋ& !XJ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=da4b55d2-23fa-44de-a7c5-33a2ad790032 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@J ]Ɋ& !XJ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=da4b55d2-23fa-44de-a7c5-33a2ad790032 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=E\M@**8J ]Ɋ& !XJ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=da4b55d2-23fa-44de-a7c5-33a2ad790032 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**8J ]Ɋ& !XJ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=da4b55d2-23fa-44de-a7c5-33a2ad790032 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8J ]Ɋ& !XJ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=da4b55d2-23fa-44de-a7c5-33a2ad790032 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eV8**J ]Ɋ& !J F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=da4b55d2-23fa-44de-a7c5-33a2ad790032 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ba0aa8aa-8d84-489a-937b-1fe5000959ea PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[S**MJ ]Ɋ& !MJ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=da4b55d2-23fa-44de-a7c5-33a2ad790032 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ba0aa8aa-8d84-489a-937b-1fe5000959ea PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayVe**XzNJ ]Ɋ& !XzNJ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=faee3535-4df9-431f-b143-82baa4176415 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pzNJ ]Ɋ& !XzNJ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=faee3535-4df9-431f-b143-82baa4176415 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rp**pzNJ ]Ɋ& !XzNJ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=faee3535-4df9-431f-b143-82baa4176415 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nstp**hzNJ ]Ɋ& !XzNJ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=faee3535-4df9-431f-b143-82baa4176415 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=perh**hzNJ ]Ɋ& !XzNJ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=faee3535-4df9-431f-b143-82baa4176415 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=::Gh**hzNJ ]Ɋ& !XzNJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=faee3535-4df9-431f-b143-82baa4176415 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= IhtalledOn -De ]Ɋ&  !zNJ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=faee3535-4df9-431f-b143-82baa4176415 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a4f56626-7c29-4cd9-8e51-d9b55452fa10 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnk558p1]O<Mu=VysMc&&** zNJ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !zNJ F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=faee3535-4df9-431f-b143-82baa4176415 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a4f56626-7c29-4cd9-8e51-d9b55452fa10 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=art **J ]Ɋ& !J F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=faee3535-4df9-431f-b143-82baa4176415 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a4f56626-7c29-4cd9-8e51-d9b55452fa10 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=4**J ]Ɋ& '!XJ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c7270092-bfb6-4d72-a47f-cd39a2589022 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**J ]Ɋ& ?!XJ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c7270092-bfb6-4d72-a47f-cd39a2589022 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**J ]Ɋ& ;!XJ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c7270092-bfb6-4d72-a47f-cd39a2589022 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Run**J ]Ɋ& 3!XJ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c7270092-bfb6-4d72-a47f-cd39a2589022 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ovi** J ]Ɋ& 3!XJ  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c7270092-bfb6-4d72-a47f-cd39a2589022 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== ** J ]Ɋ& 5!XJ  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c7270092-bfb6-4d72-a47f-cd39a2589022 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**0 J ]Ɋ& !J  F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c7270092-bfb6-4d72-a47f-cd39a2589022 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=52e65c58-88eb-4f35-94c0-ba373e5656ab PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2a0**@ =J ]Ɋ& !=J  F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c7270092-bfb6-4d72-a47f-cd39a2589022 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=52e65c58-88eb-4f35-94c0-ba373e5656ab PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d P@** '( ]Ɋ& )!X'(  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6816fc3a-bc0e-4de8-adad-2b344780598a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**'( ]Ɋ& A!X'( F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6816fc3a-bc0e-4de8-adad-2b344780598a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C**'( ]Ɋ& =!X'( F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6816fc3a-bc0e-4de8-adad-2b344780598a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **'( ]Ɋ& 5!X'( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6816fc3a-bc0e-4de8-adad-2b344780598a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr**'( ]Ɋ& 5!X'( F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6816fc3a-bc0e-4de8-adad-2b344780598a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cl**'( ]Ɋ& 7!X'( F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6816fc3a-bc0e-4de8-adad-2b344780598a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**0'( ]Ɋ& !'( F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6816fc3a-bc0e-4de8-adad-2b344780598a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=96046ce4-57bd-4104-8b50-3932039aeac0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@Y) ]Ɋ& !Y) F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6816fc3a-bc0e-4de8-adad-2b344780598a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=96046ce4-57bd-4104-8b50-3932039aeac0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=art@**XY) ]Ɋ& !XY) F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3216f676-3c88-4966-b750-c7ad5e700cfb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d X**pY) ]Ɋ& !XY) F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3216f676-3c88-4966-b750-c7ad5e700cfb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er=p**hY) ]Ɋ& !XY) F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3216f676-3c88-4966-b750-c7ad5e700cfb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ch**`Y) ]Ɋ& !XY) F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3216f676-3c88-4966-b750-c7ad5e700cfb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`Y) ]Ɋ& !XY) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3216f676-3c88-4966-b750-c7ad5e700cfb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o`**hY) ]Ɋ& !XY) F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3216f676-3c88-4966-b750-c7ad5e700cfb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tId=h**Y) ]Ɋ&  !Y) F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3216f676-3c88-4966-b750-c7ad5e700cfb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=426843b2-b965-4e6b-94f6-db4eacf8c5ef PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9c-0**Y) ]Ɋ& !Y) F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3216f676-3c88-4966-b750-c7ad5e700cfb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=426843b2-b965-4e6b-94f6-db4eacf8c5ef PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**8Y) ]Ɋ& !XY) F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=aff1ab5b-ffe5-4f89-ac04-4fcdad9602ee HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=828**PY) ]Ɋ& !XY) F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=aff1ab5b-ffe5-4f89-ac04-4fcdad9602ee HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tIP**PY) ]Ɋ& !XY) F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=aff1ab5b-ffe5-4f89-ac04-4fcdad9602ee HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==4.0P**H Y) ]Ɋ& !XY)  F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=aff1ab5b-ffe5-4f89-ac04-4fcdad9602ee HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HosH**H!Y) ]Ɋ& !XY)! F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=aff1ab5b-ffe5-4f89-ac04-4fcdad9602ee HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ConsH**H"Y) ]Ɋ& !XY)" F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=aff1ab5b-ffe5-4f89-ac04-4fcdad9602ee HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**#Y) ]Ɋ& !Y)# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=aff1ab5b-ffe5-4f89-ac04-4fcdad9602ee HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b49f008f-63f1-48a6-b47e-4d660ffe4cc3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=equ**$) ]Ɋ& !)$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=aff1ab5b-ffe5-4f89-ac04-4fcdad9602ee HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b49f008f-63f1-48a6-b47e-4d660ffe4cc3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**X%) ]Ɋ& !X)% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=780c2e20-817a-4c26-86e4-57e3cb669a88 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p&) ]Ɋ& !X)& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=780c2e20-817a-4c26-86e4-57e3cb669a88 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Scp**h') ]Ɋ& !X)' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=780c2e20-817a-4c26-86e4-57e3cb669a88 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dOh**`() ]Ɋ& !X)( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=780c2e20-817a-4c26-86e4-57e3cb669a88 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ns`**`)) ]Ɋ& !X)) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=780c2e20-817a-4c26-86e4-57e3cb669a88 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh`**`*) ]Ɋ& !X)* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=780c2e20-817a-4c26-86e4-57e3cb669a88 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H`**+) ]Ɋ& !)+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=780c2e20-817a-4c26-86e4-57e3cb669a88 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=82c6116c-1464-4e75-980a-30e0686ceca8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**,) ]Ɋ& !), F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=780c2e20-817a-4c26-86e4-57e3cb669a88 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=82c6116c-1464-4e75-980a-30e0686ceca8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(-) ]Ɋ& !X)- F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5b6db7f4-6ec0-4ba0-8529-37d4a5c969a0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m(**@.) ]Ɋ& !X). F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5b6db7f4-6ec0-4ba0-8529-37d4a5c969a0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=U@**@/) ]Ɋ& !X)/ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5b6db7f4-6ec0-4ba0-8529-37d4a5c969a0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n, @**80) ]Ɋ& !X)0 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5b6db7f4-6ec0-4ba0-8529-37d4a5c969a0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ARE8**81) ]Ɋ& !X)1 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5b6db7f4-6ec0-4ba0-8529-37d4a5c969a0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**82) ]Ɋ& !X)2 F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5b6db7f4-6ec0-4ba0-8529-37d4a5c969a0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**3) ]Ɋ& !)3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5b6db7f4-6ec0-4ba0-8529-37d4a5c969a0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b4bdfd71-05a7-4b99-a2b2-edb0980529f1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Co**4L* ]Ɋ& !L*4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5b6db7f4-6ec0-4ba0-8529-37d4a5c969a0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b4bdfd71-05a7-4b99-a2b2-edb0980529f1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eInf**X5<- ]Ɋ& !X<-5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7addaad2-6d82-4140-a7ab-59988e84b464 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=CXtureInfo('en ]Ɋ& 53X<-6 F&aceId=a4f56626-7c29-4cd9-8e51-d9b55452fa10 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnk6g6g0X3oVPUMu=VysMc&&**x 6<- ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! W!X<-6 F&F%g>9{p(xlMD EventDatauoData !BinaryEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7addaad2-6d82-4140-a7ab-59988e84b464 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== x **p7<- ]Ɋ& !X<-7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7addaad2-6d82-4140-a7ab-59988e84b464 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== p**h8<- ]Ɋ& !X<-8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7addaad2-6d82-4140-a7ab-59988e84b464 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=h**h9<- ]Ɋ& !X<-9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7addaad2-6d82-4140-a7ab-59988e84b464 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h:<- ]Ɋ& !X<-: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7addaad2-6d82-4140-a7ab-59988e84b464 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh**;<- ]Ɋ&  !<-; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7addaad2-6d82-4140-a7ab-59988e84b464 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=70597f87-7d5c-4579-8ae0-73210a7647ca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**<. ]Ɋ& !.< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7addaad2-6d82-4140-a7ab-59988e84b464 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=70597f87-7d5c-4579-8ae0-73210a7647ca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**=i. ]Ɋ& '!Xi.= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=14dbe33c-c974-47d0-82ef-e5090779133f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**>i. ]Ɋ& ?!Xi.> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=14dbe33c-c974-47d0-82ef-e5090779133f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=w**?i. ]Ɋ& ;!Xi.? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=14dbe33c-c974-47d0-82ef-e5090779133f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b34**@i. ]Ɋ& 3!Xi.@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=14dbe33c-c974-47d0-82ef-e5090779133f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Ai. ]Ɋ& 3!Xi.A F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=14dbe33c-c974-47d0-82ef-e5090779133f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=447**Bi. ]Ɋ& 5!Xi.B F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=14dbe33c-c974-47d0-82ef-e5090779133f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0Ci. ]Ɋ& !i.C F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=14dbe33c-c974-47d0-82ef-e5090779133f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=271a411e-cdec-430d-a863-8cf42657c1e7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ro0**@DO/ ]Ɋ& !O/D F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=14dbe33c-c974-47d0-82ef-e5090779133f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=271a411e-cdec-430d-a863-8cf42657c1e7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**EU ]Ɋ& )!XUE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=784ad595-6951-493f-882b-afdcb6a9f54a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= **FU ]Ɋ& A!XUF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=784ad595-6951-493f-882b-afdcb6a9f54a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=line**GU ]Ɋ& =!XUG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=784ad595-6951-493f-882b-afdcb6a9f54a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= |**HU ]Ɋ& 5!XUH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=784ad595-6951-493f-882b-afdcb6a9f54a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt**IU ]Ɋ& 5!XUI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=784ad595-6951-493f-882b-afdcb6a9f54a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**JU ]Ɋ& 7!XUJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=784ad595-6951-493f-882b-afdcb6a9f54a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0K= ]Ɋ& !=K F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=784ad595-6951-493f-882b-afdcb6a9f54a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=86350168-2c72-4936-8e33-19a368d41720 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@LԆ ]Ɋ& !ԆL F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=784ad595-6951-493f-882b-afdcb6a9f54a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=86350168-2c72-4936-8e33-19a368d41720 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te=@**XMԆ ]Ɋ& !XԆM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=942589f7-d8e1-4228-9d3a-3fef77e7cd2e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pNԆ ]Ɋ& !XԆN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=942589f7-d8e1-4228-9d3a-3fef77e7cd2e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=menp**hOԆ ]Ɋ& !XԆO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=942589f7-d8e1-4228-9d3a-3fef77e7cd2e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rh**`PԆ ]Ɋ& !XԆP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=942589f7-d8e1-4228-9d3a-3fef77e7cd2e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e`**`QԆ ]Ɋ& !XԆQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=942589f7-d8e1-4228-9d3a-3fef77e7cd2e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**hRԆ ]Ɋ& !XԆR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=942589f7-d8e1-4228-9d3a-3fef77e7cd2e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateh**SԆ ]Ɋ&  !ԆS F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=942589f7-d8e1-4228-9d3a-3fef77e7cd2e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6021ef4d-a2e7-4e75-b5c6-0dc74acf2ed3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**Tj ]Ɋ& !jT F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=942589f7-d8e1-4228-9d3a-3fef77e7cd2e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6021ef4d-a2e7-4e75-b5c6-0dc74acf2ed3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**8Uj ]Ɋ& !XjU F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=32b5cc38-8104-4353-b5f3-848e329ffd7d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 8**PVj ]Ɋ& !XjV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=32b5cc38-8104-4353-b5f3-848e329ffd7d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SP**PWj ]Ɋ& !XjW F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=32b5cc38-8104-4353-b5f3-848e329ffd7d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateP**HXj ]Ɋ& !XjX F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=32b5cc38-8104-4353-b5f3-848e329ffd7d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPH**HYj ]Ɋ& !XjY F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=32b5cc38-8104-4353-b5f3-848e329ffd7d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==RegH**HZj ]Ɋ& !XjZ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=32b5cc38-8104-4353-b5f3-848e329ffd7d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovH**[j ]Ɋ& !j[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=32b5cc38-8104-4353-b5f3-848e329ffd7d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c126b15c-599a-4a71-be7c-4bd4d3d2ef0d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iou**\j ]Ɋ& !j\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=32b5cc38-8104-4353-b5f3-848e329ffd7d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c126b15c-599a-4a71-be7c-4bd4d3d2ef0d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **X]j ]Ɋ& !Xj] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1b2c834d-4e2f-4a83-9a9e-ecd57d0d5c6f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FX**p^j ]Ɋ& !Xj^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1b2c834d-4e2f-4a83-9a9e-ecd57d0d5c6f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ne=p**h_j ]Ɋ& !Xj_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1b2c834d-4e2f-4a83-9a9e-ecd57d0d5c6f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh**``j ]Ɋ& !Xj` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1b2c834d-4e2f-4a83-9a9e-ecd57d0d5c6f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iz`**`aj ]Ɋ& !Xja F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1b2c834d-4e2f-4a83-9a9e-ecd57d0d5c6f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| `**`bj ]Ɋ& !Xjb F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1b2c834d-4e2f-4a83-9a9e-ecd57d0d5c6f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0`**cj ]Ɋ& !jc F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1b2c834d-4e2f-4a83-9a9e-ecd57d0d5c6f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1362fe09-239e-4605-bf82-2fb46617c682 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**d ]Ɋ& !d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1b2c834d-4e2f-4a83-9a9e-ecd57d0d5c6f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1362fe09-239e-4605-bf82-2fb46617c682 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**(e ]Ɋ& !Xe F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f08a909f-2951-44bc-8512-3b9707f2e21e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@f ]Ɋ& !Xf F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f08a909f-2951-44bc-8512-3b9707f2e21e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@g ]Ɋ& !Xg F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f08a909f-2951-44bc-8512-3b9707f2e21e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wid@ 65535 Eng ]Ɋ& ndXh F&Name= CommandPath= CommandLine=CXtureInfo('en ]Ɋ& 53X<-6 F&aceId=a4f56626-7c29-4cd9-8e51-d9b55452fa10 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnkhhp4r'&Mu=VysMc&&**8 h ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !Xh F&F%g>9{p(xlMD EventDatauoData !BinaryhFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f08a909f-2951-44bc-8512-3b9707f2e21e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8 **8i ]Ɋ& !Xi F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f08a909f-2951-44bc-8512-3b9707f2e21e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er,8**8j ]Ɋ& !Xj F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f08a909f-2951-44bc-8512-3b9707f2e21e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\W8**k ]Ɋ& !k F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f08a909f-2951-44bc-8512-3b9707f2e21e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=af542dc1-ccf9-430c-acf8-77b81f313368 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7a**lP ]Ɋ& !Pl F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f08a909f-2951-44bc-8512-3b9707f2e21e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=af542dc1-ccf9-430c-acf8-77b81f313368 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iabl**Xmā ]Ɋ& !Xām F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b5466cb4-8f57-483c-8207-603fd8640bd9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**pnā ]Ɋ& !Xān F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b5466cb4-8f57-483c-8207-603fd8640bd9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**poā ]Ɋ& !Xāo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b5466cb4-8f57-483c-8207-603fd8640bd9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hpā ]Ɋ& !Xāp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b5466cb4-8f57-483c-8207-603fd8640bd9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ovih**hqā ]Ɋ& !Xāq F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b5466cb4-8f57-483c-8207-603fd8640bd9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er=h**hrā ]Ɋ& !Xār F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b5466cb4-8f57-483c-8207-603fd8640bd9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4-h**sā ]Ɋ&  !ās F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b5466cb4-8f57-483c-8207-603fd8640bd9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a9f965ee-18e5-4d2c-bb96-d09cf3c7f59d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-O**t[ ]Ɋ& ![t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b5466cb4-8f57-483c-8207-603fd8640bd9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a9f965ee-18e5-4d2c-bb96-d09cf3c7f59d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ies[**u[ ]Ɋ& '!X[u F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=03db8e7d-cff9-47ff-a78f-b17aeba9de44 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r**v[ ]Ɋ& ?!X[v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=03db8e7d-cff9-47ff-a78f-b17aeba9de44 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**w[ ]Ɋ& ;!X[w F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=03db8e7d-cff9-47ff-a78f-b17aeba9de44 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Run**x[ ]Ɋ& 3!X[x F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=03db8e7d-cff9-47ff-a78f-b17aeba9de44 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **y[ ]Ɋ& 3!X[y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=03db8e7d-cff9-47ff-a78f-b17aeba9de44 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nsp**z[ ]Ɋ& 5!X[z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=03db8e7d-cff9-47ff-a78f-b17aeba9de44 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te**0{[ ]Ɋ& ![{ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=03db8e7d-cff9-47ff-a78f-b17aeba9de44 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=cfa9b571-f257-448d-97c3-da72fa1cc9f3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=li0**@| ]Ɋ& !| F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=03db8e7d-cff9-47ff-a78f-b17aeba9de44 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=cfa9b571-f257-448d-97c3-da72fa1cc9f3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nceN@**}b.] ]Ɋ& )!Xb.]} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=716420d1-1327-48db-bf75-70d8e81ee6a5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nmen**~b.] ]Ɋ& A!Xb.]~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=716420d1-1327-48db-bf75-70d8e81ee6a5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**b.] ]Ɋ& =!Xb.] F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=716420d1-1327-48db-bf75-70d8e81ee6a5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h=**b.] ]Ɋ& 5!Xb.] F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=716420d1-1327-48db-bf75-70d8e81ee6a5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=li**b.] ]Ɋ& 5!Xb.] F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=716420d1-1327-48db-bf75-70d8e81ee6a5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= |**b.] ]Ɋ& 7!Xb.] F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=716420d1-1327-48db-bf75-70d8e81ee6a5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**0b.] ]Ɋ& !b.] F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=716420d1-1327-48db-bf75-70d8e81ee6a5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1e3d378a-34fb-41d7-b0c2-b0982689444a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c0**@C/] ]Ɋ& !C/] F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=716420d1-1327-48db-bf75-70d8e81ee6a5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1e3d378a-34fb-41d7-b0c2-b0982689444a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e1-@**XC/] ]Ɋ& !XC/] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=614535f9-a423-49b6-a4f8-17b5455df3d2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HX**pC/] ]Ɋ& !XC/] F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=614535f9-a423-49b6-a4f8-17b5455df3d2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 p**hC/] ]Ɋ& !XC/] F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=614535f9-a423-49b6-a4f8-17b5455df3d2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ch**`C/] ]Ɋ& !XC/] F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=614535f9-a423-49b6-a4f8-17b5455df3d2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3`**`C/] ]Ɋ& !XC/] F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=614535f9-a423-49b6-a4f8-17b5455df3d2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2`**hC/] ]Ɋ& !XC/] F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=614535f9-a423-49b6-a4f8-17b5455df3d2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stAph**C/] ]Ɋ&  !C/] F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=614535f9-a423-49b6-a4f8-17b5455df3d2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=16ed4e6b-0719-44ec-b0b1-325976f01717 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=viru**C/] ]Ɋ& !C/] F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=614535f9-a423-49b6-a4f8-17b5455df3d2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=16ed4e6b-0719-44ec-b0b1-325976f01717 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ti**8+0] ]Ɋ& !X+0] F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=83076158-f3f1-440d-bbd5-29d8e230aa7e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bj8**P+0] ]Ɋ& !X+0] F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=83076158-f3f1-440d-bbd5-29d8e230aa7e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erP**P+0] ]Ɋ& !X+0] F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=83076158-f3f1-440d-bbd5-29d8e230aa7e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tAppP**H+0] ]Ɋ& !X+0] F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=83076158-f3f1-440d-bbd5-29d8e230aa7e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0d5cH**H+0] ]Ɋ& !X+0] F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=83076158-f3f1-440d-bbd5-29d8e230aa7e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-9a9H**H+0] ]Ɋ& !X+0] F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=83076158-f3f1-440d-bbd5-29d8e230aa7e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4d-H**+0] ]Ɋ& !+0] F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=83076158-f3f1-440d-bbd5-29d8e230aa7e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=02eb5da4-3e1f-45bc-972a-0a39a57cda03 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c6f**+0] ]Ɋ& !+0] F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=83076158-f3f1-440d-bbd5-29d8e230aa7e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=02eb5da4-3e1f-45bc-972a-0a39a57cda03 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9**X+0] ]Ɋ& !X+0] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cd3d4441-ca96-4a4b-9be9-db5622dc591d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ersiX**p+0] ]Ɋ& !X+0] F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cd3d4441-ca96-4a4b-9be9-db5622dc591d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovip**h+0] ]Ɋ& !X+0] F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cd3d4441-ca96-4a4b-9be9-db5622dc591d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`+0] ]Ɋ& !X+0] F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cd3d4441-ca96-4a4b-9be9-db5622dc591d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id` PipelineId ]Ɋ&  CX+0] F&wid@ 65535 Eng ]Ɋ& ndXh F&Name= CommandPath= CommandLine=CXtureInfo('en ]Ɋ& 53X<-6 F&aceId=a4f56626-7c29-4cd9-8e51-d9b55452fa10 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnk@߼NMu=VysMc&&**h+0] ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! E!X+0] F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cd3d4441-ca96-4a4b-9be9-db5622dc591d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== h**`+0] ]Ɋ& !X+0] F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cd3d4441-ca96-4a4b-9be9-db5622dc591d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**+0] ]Ɋ& !+0] F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cd3d4441-ca96-4a4b-9be9-db5622dc591d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=72435bb3-f7d2-470e-833d-892c5de90e2d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**p0] ]Ɋ& !p0] F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cd3d4441-ca96-4a4b-9be9-db5622dc591d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=72435bb3-f7d2-470e-833d-892c5de90e2d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Get**(p0] ]Ɋ& !Xp0] F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6c4c97a3-e04e-43ca-8776-28ef914bd0db HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2(**@p0] ]Ɋ& !Xp0] F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6c4c97a3-e04e-43ca-8776-28ef914bd0db HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6@**@p0] ]Ɋ& !Xp0] F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6c4c97a3-e04e-43ca-8776-28ef914bd0db HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**8p0] ]Ɋ& !Xp0] F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6c4c97a3-e04e-43ca-8776-28ef914bd0db HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C8**8p0] ]Ɋ& !Xp0] F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6c4c97a3-e04e-43ca-8776-28ef914bd0db HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bal8**8p0] ]Ɋ& !Xp0] F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6c4c97a3-e04e-43ca-8776-28ef914bd0db HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in8**p0] ]Ɋ& !p0] F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6c4c97a3-e04e-43ca-8776-28ef914bd0db HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=1404dca0-abbc-425e-9a98-ca5bf91f30a7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=RE**]1] ]Ɋ& !]1] F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6c4c97a3-e04e-43ca-8776-28ef914bd0db HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=1404dca0-abbc-425e-9a98-ca5bf91f30a7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**X&3] ]Ɋ& !X&3] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8b225372-0212-4e3c-9ce1-470b4608399c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4X**p&3] ]Ɋ& !X&3] F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8b225372-0212-4e3c-9ce1-470b4608399c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1p**p&3] ]Ɋ& !X&3] F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8b225372-0212-4e3c-9ce1-470b4608399c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stap**h&3] ]Ɋ& !X&3] F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8b225372-0212-4e3c-9ce1-470b4608399c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVh**h&3] ]Ɋ& !X&3] F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8b225372-0212-4e3c-9ce1-470b4608399c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Apph**h&3] ]Ɋ& !X&3] F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8b225372-0212-4e3c-9ce1-470b4608399c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| h**&3] ]Ɋ&  !&3] F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8b225372-0212-4e3c-9ce1-470b4608399c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=249535a8-39c8-4272-be63-d16994b5e9f5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sb**a3] ]Ɋ& !a3] F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8b225372-0212-4e3c-9ce1-470b4608399c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=249535a8-39c8-4272-be63-d16994b5e9f5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ring**W4] ]Ɋ& '!XW4] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=101ebc7d-4763-4fdd-885e-82750715d99e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=O**W4] ]Ɋ& ?!XW4] F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=101ebc7d-4763-4fdd-885e-82750715d99e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l**W4] ]Ɋ& ;!XW4] F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=101ebc7d-4763-4fdd-885e-82750715d99e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**W4] ]Ɋ& 3!XW4] F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=101ebc7d-4763-4fdd-885e-82750715d99e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==71**W4] ]Ɋ& 3!XW4] F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=101ebc7d-4763-4fdd-885e-82750715d99e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=li**W4] ]Ɋ& 5!XW4] F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=101ebc7d-4763-4fdd-885e-82750715d99e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8d**0W4] ]Ɋ& !W4] F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=101ebc7d-4763-4fdd-885e-82750715d99e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=8f23b6aa-7dd0-485d-a3f2-d54f9a0d4a29 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@$5] ]Ɋ& !$5] F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=101ebc7d-4763-4fdd-885e-82750715d99e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=8f23b6aa-7dd0-485d-a3f2-d54f9a0d4a29 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H@**U ]Ɋ& )!XU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=546b4ed6-6717-467b-afda-26ec2b36ec64 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Con**U ]Ɋ& A!XU F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=546b4ed6-6717-467b-afda-26ec2b36ec64 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m **U ]Ɋ& =!XU F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=546b4ed6-6717-467b-afda-26ec2b36ec64 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**U ]Ɋ& 5!XU F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=546b4ed6-6717-467b-afda-26ec2b36ec64 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**U ]Ɋ& 5!XU F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=546b4ed6-6717-467b-afda-26ec2b36ec64 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **U ]Ɋ& 7!XU F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=546b4ed6-6717-467b-afda-26ec2b36ec64 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0U ]Ɋ& !U F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=546b4ed6-6717-467b-afda-26ec2b36ec64 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c83f5b0f-8e9a-46e9-b6ad-3dd408f92871 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S0**@ ]Ɋ& ! F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=546b4ed6-6717-467b-afda-26ec2b36ec64 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c83f5b0f-8e9a-46e9-b6ad-3dd408f92871 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r2 @**X+ ]Ɋ& !X+ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ee2cfbb6-263d-4ee1-b0c0-d580d27783ed HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompX**p+ ]Ɋ& !X+ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ee2cfbb6-263d-4ee1-b0c0-d580d27783ed HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl p**h+ ]Ɋ& !X+ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ee2cfbb6-263d-4ee1-b0c0-d580d27783ed HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lh**`+ ]Ɋ& !X+ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ee2cfbb6-263d-4ee1-b0c0-d580d27783ed HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u`**`+ ]Ɋ& !X+ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ee2cfbb6-263d-4ee1-b0c0-d580d27783ed HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a`**h+ ]Ɋ& !X+ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ee2cfbb6-263d-4ee1-b0c0-d580d27783ed HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Quich**+ ]Ɋ&  !+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ee2cfbb6-263d-4ee1-b0c0-d580d27783ed HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1683ac3e-001c-4fb5-8101-1d4699252e03 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion=**+ ]Ɋ& !+ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ee2cfbb6-263d-4ee1-b0c0-d580d27783ed HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1683ac3e-001c-4fb5-8101-1d4699252e03 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**8+ ]Ɋ& !X+ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5b05df26-5ddc-4f9d-afb0-a08558649373 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ou8**P+ ]Ɋ& !X+ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5b05df26-5ddc-4f9d-afb0-a08558649373 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ypP**P+ ]Ɋ& !X+ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5b05df26-5ddc-4f9d-afb0-a08558649373 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNamP**H+ ]Ɋ& !X+ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5b05df26-5ddc-4f9d-afb0-a08558649373 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yptiH**H+ ]Ɋ& !X+ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5b05df26-5ddc-4f9d-afb0-a08558649373 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=52faH PipelineI ]Ɋ&  X+ F&ElfChnkhbpxMu=VysMc&&**H+ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! +!X+ F&F%g>9{p(xlMD EventDatauoData !BinaryxVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5b05df26-5ddc-4f9d-afb0-a08558649373 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**+ ]Ɋ& !+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5b05df26-5ddc-4f9d-afb0-a08558649373 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=31198a6b-8d32-4540-bfff-3608dab6865d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=+0**+ ]Ɋ& !+ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5b05df26-5ddc-4f9d-afb0-a08558649373 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=31198a6b-8d32-4540-bfff-3608dab6865d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=076ff72f-d3d9-4229-ade3-48ec66920943 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=076ff72f-d3d9-4229-ade3-48ec66920943 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lectp**h ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=076ff72f-d3d9-4229-ade3-48ec66920943 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=']h**` ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=076ff72f-d3d9-4229-ade3-48ec66920943 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-`**` ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=076ff72f-d3d9-4229-ade3-48ec66920943 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C`**` ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=076ff72f-d3d9-4229-ade3-48ec66920943 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=076ff72f-d3d9-4229-ade3-48ec66920943 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=31c16eaf-9d3e-45f9-a65c-3c00378d808a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=076ff72f-d3d9-4229-ade3-48ec66920943 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=31c16eaf-9d3e-45f9-a65c-3c00378d808a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=**( ]Ɋ& !X F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ec15fc2c-1bed-499e-8e2b-20c36b5330c3 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n(**@ ]Ɋ& !X F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ec15fc2c-1bed-499e-8e2b-20c36b5330c3 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4@**@ ]Ɋ& !X F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ec15fc2c-1bed-499e-8e2b-20c36b5330c3 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.ps@**8 ]Ɋ& !X F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ec15fc2c-1bed-499e-8e2b-20c36b5330c3 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=M:\8**8 ]Ɋ& !X F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ec15fc2c-1bed-499e-8e2b-20c36b5330c3 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==8b8**8 ]Ɋ& !X F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ec15fc2c-1bed-499e-8e2b-20c36b5330c3 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=F8** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ec15fc2c-1bed-499e-8e2b-20c36b5330c3 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=fff8201e-e870-4620-9c7e-df5e9cff3aed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=at**X ]Ɋ& !X F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ec15fc2c-1bed-499e-8e2b-20c36b5330c3 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=fff8201e-e870-4620-9c7e-df5e9cff3aed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 655**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cab761dc-0b15-4edc-9fe0-23dea9bdd9a0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-X**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cab761dc-0b15-4edc-9fe0-23dea9bdd9a0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dp**p ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cab761dc-0b15-4edc-9fe0-23dea9bdd9a0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='enp**h ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cab761dc-0b15-4edc-9fe0-23dea9bdd9a0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allh**h ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cab761dc-0b15-4edc-9fe0-23dea9bdd9a0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**h ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cab761dc-0b15-4edc-9fe0-23dea9bdd9a0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndh** ]Ɋ&  ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cab761dc-0b15-4edc-9fe0-23dea9bdd9a0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=37e3967b-77ed-4ea5-b5d2-11a417014b6e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cab761dc-0b15-4edc-9fe0-23dea9bdd9a0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=37e3967b-77ed-4ea5-b5d2-11a417014b6e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ost ** ]Ɋ& '!X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e94cfabc-69b2-4c0c-837d-1fa5e24e1e00 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n** ]Ɋ& ?!X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e94cfabc-69b2-4c0c-837d-1fa5e24e1e00 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a** ]Ɋ& ;!X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e94cfabc-69b2-4c0c-837d-1fa5e24e1e00 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam** ]Ɋ& 3!X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e94cfabc-69b2-4c0c-837d-1fa5e24e1e00 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ngi** ]Ɋ& 3!X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e94cfabc-69b2-4c0c-837d-1fa5e24e1e00 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fun** ]Ɋ& 5!X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e94cfabc-69b2-4c0c-837d-1fa5e24e1e00 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=**0 ]Ɋ& ! F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e94cfabc-69b2-4c0c-837d-1fa5e24e1e00 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=276ccf76-3985-411d-a57c-8abbe4df3e71 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3 0**@ ]Ɋ& ! F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e94cfabc-69b2-4c0c-837d-1fa5e24e1e00 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=276ccf76-3985-411d-a57c-8abbe4df3e71 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 @**eR  ]Ɋ& )!XeR  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=07eb9552-526a-4dea-89b4-192fd9262d6a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uctS**eR  ]Ɋ& A!XeR  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=07eb9552-526a-4dea-89b4-192fd9262d6a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=curi**eR  ]Ɋ& =!XeR  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=07eb9552-526a-4dea-89b4-192fd9262d6a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **eR  ]Ɋ& 5!XeR  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=07eb9552-526a-4dea-89b4-192fd9262d6a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **eR  ]Ɋ& 5!XeR  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=07eb9552-526a-4dea-89b4-192fd9262d6a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=vi**eR  ]Ɋ& 7!XeR  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=07eb9552-526a-4dea-89b4-192fd9262d6a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0eR  ]Ɋ& !eR  F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=07eb9552-526a-4dea-89b4-192fd9262d6a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2231e1d1-c83b-44da-9744-be5556ee8a85 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@8R  ]Ɋ& !8R  F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=07eb9552-526a-4dea-89b4-192fd9262d6a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2231e1d1-c83b-44da-9744-be5556ee8a85 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**XϖS  ]Ɋ& !XϖS  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=70900fb8-f014-42f0-8c65-948be8136526 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manX**pϖS  ]Ɋ& !XϖS  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=70900fb8-f014-42f0-8c65-948be8136526 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmap**hϖS  ]Ɋ& !XϖS  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=70900fb8-f014-42f0-8c65-948be8136526 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oh**`ϖS  ]Ɋ& !XϖS  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=70900fb8-f014-42f0-8c65-948be8136526 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**`ϖS  ]Ɋ& !XϖS  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=70900fb8-f014-42f0-8c65-948be8136526 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hϖS  ]Ɋ& !XϖS  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=70900fb8-f014-42f0-8c65-948be8136526 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&h ]Ɋ& X+ϖS ElfChnk++3%u` Mu=VysMc&&**ϖS  ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !ϖS  F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=70900fb8-f014-42f0-8c65-948be8136526 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ec4e06fd-0394-4733-b827-f2453326063f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**ϖS  ]Ɋ& !ϖS  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=70900fb8-f014-42f0-8c65-948be8136526 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ec4e06fd-0394-4733-b827-f2453326063f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8ϖS  ]Ɋ& !XϖS  F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=433d80fa-44b0-41a0-8a17-b7d3c2074db3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**PϖS  ]Ɋ& !XϖS  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=433d80fa-44b0-41a0-8a17-b7d3c2074db3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&P**PϖS  ]Ɋ& !XϖS  F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=433d80fa-44b0-41a0-8a17-b7d3c2074db3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**P**HϖS  ]Ɋ& !XϖS  F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=433d80fa-44b0-41a0-8a17-b7d3c2074db3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmanH**HϖS  ]Ɋ& !XϖS  F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=433d80fa-44b0-41a0-8a17-b7d3c2074db3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndPaH**HϖS  ]Ɋ& !XϖS  F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=433d80fa-44b0-41a0-8a17-b7d3c2074db3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=H**ϖS  ]Ɋ& !ϖS  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=433d80fa-44b0-41a0-8a17-b7d3c2074db3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=46b7ed2e-8ea5-4992-85ff-1665219836d2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dLi**ϖS  ]Ɋ& !ϖS  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=433d80fa-44b0-41a0-8a17-b7d3c2074db3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=46b7ed2e-8ea5-4992-85ff-1665219836d2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=C**Xe/T  ]Ɋ& !Xe/T  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=52004dbf-4ee6-4820-b8d8-6eeaa6a23889 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNamX**pe/T  ]Ɋ& !Xe/T  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=52004dbf-4ee6-4820-b8d8-6eeaa6a23889 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ect p**he/T  ]Ɋ& !Xe/T  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=52004dbf-4ee6-4820-b8d8-6eeaa6a23889 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=peh**`e/T  ]Ɋ& !Xe/T  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=52004dbf-4ee6-4820-b8d8-6eeaa6a23889 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ca`**` e/T  ]Ɋ& !Xe/T   F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=52004dbf-4ee6-4820-b8d8-6eeaa6a23889 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um`**` e/T  ]Ɋ& !Xe/T   F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=52004dbf-4ee6-4820-b8d8-6eeaa6a23889 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`** e/T  ]Ɋ& !e/T   F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=52004dbf-4ee6-4820-b8d8-6eeaa6a23889 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=10745269-21f9-43e0-b8d4-a2f8dbbada67 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** e/T  ]Ɋ& !e/T   F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=52004dbf-4ee6-4820-b8d8-6eeaa6a23889 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=10745269-21f9-43e0-b8d4-a2f8dbbada67 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=man**( e/T  ]Ɋ& !Xe/T   F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4dd078c7-3382-4f29-8984-9310ecf299d5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f(**@e/T  ]Ɋ& !Xe/T  F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4dd078c7-3382-4f29-8984-9310ecf299d5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4@**@e/T  ]Ɋ& !Xe/T  F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4dd078c7-3382-4f29-8984-9310ecf299d5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[Da@**8e/T  ]Ɋ& !Xe/T  F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4dd078c7-3382-4f29-8984-9310ecf299d5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on\8**8e/T  ]Ɋ& !Xe/T  F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4dd078c7-3382-4f29-8984-9310ecf299d5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ver8**8e/T  ]Ɋ& !Xe/T  F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4dd078c7-3382-4f29-8984-9310ecf299d5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**e/T  ]Ɋ& !e/T  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4dd078c7-3382-4f29-8984-9310ecf299d5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=dcef2e74-a9ff-46ac-8215-c8fd9b201cca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ri**T  ]Ɋ& !T  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4dd078c7-3382-4f29-8984-9310ecf299d5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=dcef2e74-a9ff-46ac-8215-c8fd9b201cca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= | O**X)U  ]Ɋ& !X)U  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9976a664-525b-4958-b721-fb4777efe125 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**p)U  ]Ɋ& !X)U  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9976a664-525b-4958-b721-fb4777efe125 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ip**p)U  ]Ɋ& !X)U  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9976a664-525b-4958-b721-fb4777efe125 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fo]p**h)U  ]Ɋ& !X)U  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9976a664-525b-4958-b721-fb4777efe125 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5 |h**h)U  ]Ɋ& !X)U  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9976a664-525b-4958-b721-fb4777efe125 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=aceh**h)U  ]Ɋ& !X)U  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9976a664-525b-4958-b721-fb4777efe125 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Coh**)U  ]Ɋ&  !)U  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9976a664-525b-4958-b721-fb4777efe125 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=12f43d48-fcb6-4074-9715-1bf9159f1a32 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**V  ]Ɋ& !V  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9976a664-525b-4958-b721-fb4777efe125 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=12f43d48-fcb6-4074-9715-1bf9159f1a32 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**V  ]Ɋ& '!XV  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b319fbd1-0678-4724-b6c6-939361c31655 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r**V  ]Ɋ& ?!XV  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b319fbd1-0678-4724-b6c6-939361c31655 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**V  ]Ɋ& ;!XV  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b319fbd1-0678-4724-b6c6-939361c31655 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=as** V  ]Ɋ& 3!XV   F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b319fbd1-0678-4724-b6c6-939361c31655 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ing**!V  ]Ɋ& 3!XV ! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b319fbd1-0678-4724-b6c6-939361c31655 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=art**"V  ]Ɋ& 5!XV " F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b319fbd1-0678-4724-b6c6-939361c31655 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=65**0#V  ]Ɋ& !V # F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b319fbd1-0678-4724-b6c6-939361c31655 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=32b6ad06-94c2-4c94-bda5-a27dfd29173a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@$V*W  ]Ɋ& !V*W $ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b319fbd1-0678-4724-b6c6-939361c31655 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=32b6ad06-94c2-4c94-bda5-a27dfd29173a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4da-@**%\Ϲo ]Ɋ& )!X\Ϲo% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bddd9c0e-da04-4d0d-acd0-2e13c8adddaf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl d**&\Ϲo ]Ɋ& A!X\Ϲo& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bddd9c0e-da04-4d0d-acd0-2e13c8adddaf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e -N**'\Ϲo ]Ɋ& =!X\Ϲo' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bddd9c0e-da04-4d0d-acd0-2e13c8adddaf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f0**(\Ϲo ]Ɋ& 5!X\Ϲo( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bddd9c0e-da04-4d0d-acd0-2e13c8adddaf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**)\Ϲo ]Ɋ& 5!X\Ϲo) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bddd9c0e-da04-4d0d-acd0-2e13c8adddaf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me***\Ϲo ]Ɋ& 7!X\Ϲo* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bddd9c0e-da04-4d0d-acd0-2e13c8adddaf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0+\Ϲo ]Ɋ& !\Ϲo+ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bddd9c0e-da04-4d0d-acd0-2e13c8adddaf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7f8ac239-6734-486a-a584-41e6ca6c007e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 X+ϖS ElfChnk,[,[X{L\UMu=VysMc&&**@,o ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! #!o, F&F%g>9{p(xlMD EventDatauoData !BinarypStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bddd9c0e-da04-4d0d-acd0-2e13c8adddaf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7f8ac239-6734-486a-a584-41e6ca6c007e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**X-o ]Ɋ& !Xo- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ad524f42-5382-4ecc-b0cb-83a940b1d163 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=733X**p.o ]Ɋ& !Xo. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ad524f42-5382-4ecc-b0cb-83a940b1d163 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=linp**h/o ]Ɋ& !Xo/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ad524f42-5382-4ecc-b0cb-83a940b1d163 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**`0o ]Ɋ& !Xo0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ad524f42-5382-4ecc-b0cb-83a940b1d163 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`1o ]Ɋ& !Xo1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ad524f42-5382-4ecc-b0cb-83a940b1d163 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**h2o ]Ɋ& !Xo2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ad524f42-5382-4ecc-b0cb-83a940b1d163 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= h**3o ]Ɋ&  !o3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ad524f42-5382-4ecc-b0cb-83a940b1d163 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=76ef2d6d-cc76-4d3b-961c-afde4b48beb6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&**4o ]Ɋ& !o4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ad524f42-5382-4ecc-b0cb-83a940b1d163 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=76ef2d6d-cc76-4d3b-961c-afde4b48beb6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**85o ]Ɋ& !Xo5 F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a37c6894-8c79-453d-b5e4-56d9aa088d9a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma8**P6o ]Ɋ& !Xo6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a37c6894-8c79-453d-b5e4-56d9aa088d9a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmP**P7o ]Ɋ& !Xo7 F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a37c6894-8c79-453d-b5e4-56d9aa088d9a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ComP**H8o ]Ɋ& !Xo8 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a37c6894-8c79-453d-b5e4-56d9aa088d9a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= H**H9o ]Ɋ& !Xo9 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a37c6894-8c79-453d-b5e4-56d9aa088d9a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoH**H:o ]Ɋ& !Xo: F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a37c6894-8c79-453d-b5e4-56d9aa088d9a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmaH**;o ]Ɋ& !o; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a37c6894-8c79-453d-b5e4-56d9aa088d9a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=659ee1f9-1cfa-45bf-815e-0ba13860d322 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Sc**<o ]Ɋ& !o< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a37c6894-8c79-453d-b5e4-56d9aa088d9a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=659ee1f9-1cfa-45bf-815e-0ba13860d322 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=y**X=o ]Ɋ& !Xo= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=146d0e3c-95d4-44d1-aa12-24fbafadb562 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-a2fX**p>o ]Ɋ& !Xo> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=146d0e3c-95d4-44d1-aa12-24fbafadb562 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tCulp**h?o ]Ɋ& !Xo? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=146d0e3c-95d4-44d1-aa12-24fbafadb562 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=;eh**`@o ]Ɋ& !Xo@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=146d0e3c-95d4-44d1-aa12-24fbafadb562 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2-`**`Ao ]Ɋ& !XoA F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=146d0e3c-95d4-44d1-aa12-24fbafadb562 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP`**`Bo ]Ɋ& !XoB F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=146d0e3c-95d4-44d1-aa12-24fbafadb562 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**Co ]Ɋ& !oC F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=146d0e3c-95d4-44d1-aa12-24fbafadb562 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c27ec16e-570c-46ba-b50a-6c66bad7f76e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**Do ]Ɋ& !oD F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=146d0e3c-95d4-44d1-aa12-24fbafadb562 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c27ec16e-570c-46ba-b50a-6c66bad7f76e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **(E1o ]Ɋ& !X1oE F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7e7f061c-42a0-4f24-9a5c-e27dc4db302d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=R(**@F1o ]Ɋ& !X1oF F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7e7f061c-42a0-4f24-9a5c-e27dc4db302d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e@**@G1o ]Ɋ& !X1oG F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7e7f061c-42a0-4f24-9a5c-e27dc4db302d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n, @**8H1o ]Ɋ& !X1oH F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7e7f061c-42a0-4f24-9a5c-e27dc4db302d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=TWA8**8I1o ]Ɋ& !X1oI F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7e7f061c-42a0-4f24-9a5c-e27dc4db302d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er=8**8J1o ]Ɋ& !X1oJ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7e7f061c-42a0-4f24-9a5c-e27dc4db302d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**K1o ]Ɋ& !1oK F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7e7f061c-42a0-4f24-9a5c-e27dc4db302d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=37662ab4-d646-4300-bb42-7aa2a83dcc80 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **LLʼo ]Ɋ& !LʼoL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7e7f061c-42a0-4f24-9a5c-e27dc4db302d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=37662ab4-d646-4300-bb42-7aa2a83dcc80 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ture**XMbo ]Ɋ& !XboM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4f48b29c-4791-4226-879d-20c3f416d8be HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=GX**pNbo ]Ɋ& !XboN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4f48b29c-4791-4226-879d-20c3f416d8be HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cp**pObo ]Ɋ& !XboO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4f48b29c-4791-4226-879d-20c3f416d8be HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, p**hPbo ]Ɋ& !XboP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4f48b29c-4791-4226-879d-20c3f416d8be HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=en-h**hQbo ]Ɋ& !XboQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4f48b29c-4791-4226-879d-20c3f416d8be HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Deh**hRbo ]Ɋ& !XboR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4f48b29c-4791-4226-879d-20c3f416d8be HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=amh**Sbo ]Ɋ&  !boS F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4f48b29c-4791-4226-879d-20c3f416d8be HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a47f9d06-3bce-4609-8a8e-96c7cb70e46a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Tyo ]Ɋ& !yoT F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4f48b29c-4791-4226-879d-20c3f416d8be HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a47f9d06-3bce-4609-8a8e-96c7cb70e46a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tate**Uyo ]Ɋ& '!XyoU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1da34e5c-b2b6-4292-9edd-499132f4033b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**Vyo ]Ɋ& ?!XyoV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1da34e5c-b2b6-4292-9edd-499132f4033b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**Wyo ]Ɋ& ;!XyoW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1da34e5c-b2b6-4292-9edd-499132f4033b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Xyo ]Ɋ& 3!XyoX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1da34e5c-b2b6-4292-9edd-499132f4033b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Pro**Yyo ]Ɋ& 3!XyoY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1da34e5c-b2b6-4292-9edd-499132f4033b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Zyo ]Ɋ& 5!XyoZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1da34e5c-b2b6-4292-9edd-499132f4033b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l **0[o ]Ɋ& !o[ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1da34e5c-b2b6-4292-9edd-499132f4033b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=7f390dfc-8c5a-4aaf-8d5c-214dd579f549 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=va0able Previ ]Ɋ& os,o\ F&on=4.0 HostId=bddd9c0e-da04-4d0d-acd0-2e13c8adddaf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7f8ac239-6734-486a-a584-41e6ca6c007e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 X+ϖS ElfChnk\\/mS Mu=VysMc&&**@ \,o ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !!,o\ F&F%g>9{p(xlMD EventDatauoData !BinarynStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1da34e5c-b2b6-4292-9edd-499132f4033b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=7f390dfc-8c5a-4aaf-8d5c-214dd579f549 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-@ **]˝ ]Ɋ& )!X˝] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=25fd565c-c2eb-4e9d-b455-0af98d079dfb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=3 **^˝ ]Ɋ& A!X˝^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=25fd565c-c2eb-4e9d-b455-0af98d079dfb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erNa**_˝ ]Ɋ& =!X˝_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=25fd565c-c2eb-4e9d-b455-0af98d079dfb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**`˝ ]Ɋ& 5!X˝` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=25fd565c-c2eb-4e9d-b455-0af98d079dfb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **a˝ ]Ɋ& 5!X˝a F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=25fd565c-c2eb-4e9d-b455-0af98d079dfb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=**b˝ ]Ɋ& 7!X˝b F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=25fd565c-c2eb-4e9d-b455-0af98d079dfb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **0c˝ ]Ɋ& !˝c F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=25fd565c-c2eb-4e9d-b455-0af98d079dfb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8ca834e3-ee64-4757-820f-d7301610837d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d0**@d! ]Ɋ& !!d F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=25fd565c-c2eb-4e9d-b455-0af98d079dfb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8ca834e3-ee64-4757-820f-d7301610837d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ot/@**Xe! ]Ɋ& !X!e F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d9fd069a-10d4-4564-97c3-625393f474b3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=werX**pf! ]Ɋ& !X!f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d9fd069a-10d4-4564-97c3-625393f474b3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompp**hg! ]Ɋ& !X!g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d9fd069a-10d4-4564-97c3-625393f474b3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fh**`h! ]Ɋ& !X!h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d9fd069a-10d4-4564-97c3-625393f474b3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=E`**`i! ]Ɋ& !X!i F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d9fd069a-10d4-4564-97c3-625393f474b3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i`**hj! ]Ɋ& !X!j F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d9fd069a-10d4-4564-97c3-625393f474b3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ureLh**k! ]Ɋ&  !!k F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d9fd069a-10d4-4564-97c3-625393f474b3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c2a09b24-1900-4081-92f2-1a92e7457d61 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=535 **l! ]Ɋ& !!l F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d9fd069a-10d4-4564-97c3-625393f474b3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c2a09b24-1900-4081-92f2-1a92e7457d61 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io**8m! ]Ɋ& !X!m F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=90959c05-fc9f-442c-a763-077650211eb0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yp8**Pn! ]Ɋ& !X!n F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=90959c05-fc9f-442c-a763-077650211eb0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNP**Po! ]Ɋ& !X!o F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=90959c05-fc9f-442c-a763-077650211eb0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=EncrP**Hp! ]Ɋ& !X!p F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=90959c05-fc9f-442c-a763-077650211eb0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rosoH**Hq! ]Ɋ& !X!q F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=90959c05-fc9f-442c-a763-077650211eb0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=secuH**Hr! ]Ɋ& !X!r F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=90959c05-fc9f-442c-a763-077650211eb0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RoH**s! ]Ɋ& !!s F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=90959c05-fc9f-442c-a763-077650211eb0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8211022a-4993-43c9-8df1-7b6a18708d64 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oft**t ]Ɋ& !t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=90959c05-fc9f-442c-a763-077650211eb0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8211022a-4993-43c9-8df1-7b6a18708d64 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**Xu ]Ɋ& !Xu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e862c147-f087-4ed5-8179-ce16a0ec0d38 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l SeX**pv ]Ɋ& !Xv F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e862c147-f087-4ed5-8179-ce16a0ec0d38 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Conp**hw ]Ɋ& !Xw F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e862c147-f087-4ed5-8179-ce16a0ec0d38 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fih**`x ]Ɋ& !Xx F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e862c147-f087-4ed5-8179-ce16a0ec0d38 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nd`**`y ]Ɋ& !Xy F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e862c147-f087-4ed5-8179-ce16a0ec0d38 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng`**`z ]Ɋ& !Xz F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e862c147-f087-4ed5-8179-ce16a0ec0d38 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b`**{ ]Ɋ& !{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e862c147-f087-4ed5-8179-ce16a0ec0d38 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=36f579f3-bbc3-4e58-982f-b50c0f1e8525 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=T**| ]Ɋ& !| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e862c147-f087-4ed5-8179-ce16a0ec0d38 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=36f579f3-bbc3-4e58-982f-b50c0f1e8525 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Cu**(} ]Ɋ& !X} F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c57ac584-715a-42f8-b4b3-b331d9fe091d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4(**@~ ]Ɋ& !X~ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c57ac584-715a-42f8-b4b3-b331d9fe091d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4@**@ ]Ɋ& !X F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c57ac584-715a-42f8-b4b3-b331d9fe091d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N@**8 ]Ɋ& !X F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c57ac584-715a-42f8-b4b3-b331d9fe091d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**8 ]Ɋ& !X F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c57ac584-715a-42f8-b4b3-b331d9fe091d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, 8**8 ]Ɋ& !X F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c57ac584-715a-42f8-b4b3-b331d9fe091d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ur8** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c57ac584-715a-42f8-b4b3-b331d9fe091d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=4f2a6f78-8106-4d07-abcb-ca2d08a67302 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= g**N. ]Ɋ& !N. F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c57ac584-715a-42f8-b4b3-b331d9fe091d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=4f2a6f78-8106-4d07-abcb-ca2d08a67302 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVe**X{_ ]Ɋ& !X{_ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e770a51f-e015-425f-a5f2-15c76f8a8057 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**p{_ ]Ɋ& !X{_ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e770a51f-e015-425f-a5f2-15c76f8a8057 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**p{_ ]Ɋ& !X{_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e770a51f-e015-425f-a5f2-15c76f8a8057 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=as p**h{_ ]Ɋ& !X{_ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e770a51f-e015-425f-a5f2-15c76f8a8057 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Conh**h{_ ]Ɋ& !X{_ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e770a51f-e015-425f-a5f2-15c76f8a8057 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=132h**h{_ ]Ɋ& !X{_ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e770a51f-e015-425f-a5f2-15c76f8a8057 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Ch**{_ ]Ɋ&  !{_ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e770a51f-e015-425f-a5f2-15c76f8a8057 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=875b59a6-7dc7-433d-a1a8-8b614ef334e3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=im** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e770a51f-e015-425f-a5f2-15c76f8a8057 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=875b59a6-7dc7-433d-a1a8-8b614ef334e3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S'))** ]Ɋ& '!X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6b491f61-6e95-44d7-99a7-8bce9f76ebf3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(n-US')))}} | ]Ɋ& dOX F&=4.0 RunspaceId=7f390dfc-8c5a-4aaf-8d5c-214dd579f549 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=va0able Previ ]Ɋ& os,o\ F&on=4.0 HostId=bddd9c0e-da04-4d0d-acd0-2e13c8adddaf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7f8ac239-6734-486a-a584-41e6ca6c007e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 X+ϖS ElfChnk0i]EMu=VysMc&&**  ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X F&F%g>9{p(xlMD EventDatauoData !BinaryEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6b491f61-6e95-44d7-99a7-8bce9f76ebf3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pt ** ]Ɋ& ;!X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6b491f61-6e95-44d7-99a7-8bce9f76ebf3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stV** ]Ɋ& 3!X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6b491f61-6e95-44d7-99a7-8bce9f76ebf3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mma** ]Ɋ& 3!X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6b491f61-6e95-44d7-99a7-8bce9f76ebf3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.0** ]Ɋ& 5!X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6b491f61-6e95-44d7-99a7-8bce9f76ebf3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma**0 ]Ɋ& ! F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6b491f61-6e95-44d7-99a7-8bce9f76ebf3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=d07c7585-39d3-400a-9f8d-8d370e028b3c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI0**@?) ]Ɋ& !?) F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6b491f61-6e95-44d7-99a7-8bce9f76ebf3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=d07c7585-39d3-400a-9f8d-8d370e028b3c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand@** ]Ɋ& )!X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3ccca57a-ca7a-4e6c-bc84-b9ab15857657 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth** ]Ɋ& A!X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3ccca57a-ca7a-4e6c-bc84-b9ab15857657 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ntiv** ]Ɋ& =!X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3ccca57a-ca7a-4e6c-bc84-b9ab15857657 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-** ]Ɋ& 5!X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3ccca57a-ca7a-4e6c-bc84-b9ab15857657 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=06** ]Ɋ& 5!X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3ccca57a-ca7a-4e6c-bc84-b9ab15857657 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um** ]Ɋ& 7!X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3ccca57a-ca7a-4e6c-bc84-b9ab15857657 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0 ]Ɋ& ! F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3ccca57a-ca7a-4e6c-bc84-b9ab15857657 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1ca521f5-5494-4e1b-aa92-e6b78a42d8c5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@ ]Ɋ& ! F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3ccca57a-ca7a-4e6c-bc84-b9ab15857657 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1ca521f5-5494-4e1b-aa92-e6b78a42d8c5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= @**X"+ ]Ɋ& !X"+ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d564c0e8-0355-4d5b-a07c-13612a731993 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==X**p"+ ]Ɋ& !X"+ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d564c0e8-0355-4d5b-a07c-13612a731993 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!p**h"+ ]Ɋ& !X"+ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d564c0e8-0355-4d5b-a07c-13612a731993 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`"+ ]Ɋ& !X"+ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d564c0e8-0355-4d5b-a07c-13612a731993 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`"+ ]Ɋ& !X"+ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d564c0e8-0355-4d5b-a07c-13612a731993 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h"+ ]Ɋ& !X"+ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d564c0e8-0355-4d5b-a07c-13612a731993 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!h**"+ ]Ɋ&  !"+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d564c0e8-0355-4d5b-a07c-13612a731993 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=acb8deec-7746-4f15-931f-c917f93a0f47 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**"+ ]Ɋ& !"+ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d564c0e8-0355-4d5b-a07c-13612a731993 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=acb8deec-7746-4f15-931f-c917f93a0f47 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8"+ ]Ɋ& !X"+ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e3e96aec-8126-4615-a752-e4e581ed1a23 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v8**P"+ ]Ɋ& !X"+ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e3e96aec-8126-4615-a752-e4e581ed1a23 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P"+ ]Ɋ& !X"+ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e3e96aec-8126-4615-a752-e4e581ed1a23 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**H"+ ]Ɋ& !X"+ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e3e96aec-8126-4615-a752-e4e581ed1a23 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H"+ ]Ɋ& !X"+ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e3e96aec-8126-4615-a752-e4e581ed1a23 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H"+ ]Ɋ& !X"+ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e3e96aec-8126-4615-a752-e4e581ed1a23 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**"+ ]Ɋ& !"+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e3e96aec-8126-4615-a752-e4e581ed1a23 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ec7a8780-bb0b-42b7-83b8-b886cc9eaa51 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=****"+ ]Ɋ& !"+ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e3e96aec-8126-4615-a752-e4e581ed1a23 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ec7a8780-bb0b-42b7-83b8-b886cc9eaa51 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ed4e8895-8441-4120-b8cb-5a4c99fdc1b8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nginX**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ed4e8895-8441-4120-b8cb-5a4c99fdc1b8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izatp**h ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ed4e8895-8441-4120-b8cb-5a4c99fdc1b8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leh**` ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ed4e8895-8441-4120-b8cb-5a4c99fdc1b8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H`**` ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ed4e8895-8441-4120-b8cb-5a4c99fdc1b8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er`**` ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ed4e8895-8441-4120-b8cb-5a4c99fdc1b8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ed4e8895-8441-4120-b8cb-5a4c99fdc1b8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5285aa00-2128-4644-8b66-652e33899d8c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ed4e8895-8441-4120-b8cb-5a4c99fdc1b8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5285aa00-2128-4644-8b66-652e33899d8c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ver**( ]Ɋ& !X F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cf887f76-b045-4bb6-88eb-2447a6b2a6f7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(**@ ]Ɋ& !X F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cf887f76-b045-4bb6-88eb-2447a6b2a6f7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l@**@ ]Ɋ& !X F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cf887f76-b045-4bb6-88eb-2447a6b2a6f7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= en@**8 ]Ɋ& !X F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cf887f76-b045-4bb6-88eb-2447a6b2a6f7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ted8**8 ]Ɋ& !X F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cf887f76-b045-4bb6-88eb-2447a6b2a6f7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine={_8**8 ]Ɋ& !X F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cf887f76-b045-4bb6-88eb-2447a6b2a6f7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in8** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cf887f76-b045-4bb6-88eb-2447a6b2a6f7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=f834e9ef-b961-4ab2-bd5a-3880417a1c29 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='i**O\ ]Ɋ& !O\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cf887f76-b045-4bb6-88eb-2447a6b2a6f7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=f834e9ef-b961-4ab2-bd5a-3880417a1c29 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= | f**X| ]Ɋ& !X| F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2de06fa8-3400-428e-84a1-4675db798ed6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**p| ]Ɋ& !X| F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2de06fa8-3400-428e-84a1-4675db798ed6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=op**p| ]Ɋ& !X| F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2de06fa8-3400-428e-84a1-4675db798ed6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e,Dp**h| ]Ɋ& !X| F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2de06fa8-3400-428e-84a1-4675db798ed6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nabhd | Out-Stri ]Ɋ& d=X| F&a6c007e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 X+ϖS ElfChnk$5'"Mu=VysMc&&**h | ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! K!X| F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2de06fa8-3400-428e-84a1-4675db798ed6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h **h| ]Ɋ& !X| F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2de06fa8-3400-428e-84a1-4675db798ed6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh**| ]Ɋ&  !| F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2de06fa8-3400-428e-84a1-4675db798ed6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=01d556fd-74a6-4f1d-9d50-5a4476667ab3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**& ]Ɋ& !& F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2de06fa8-3400-428e-84a1-4675db798ed6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=01d556fd-74a6-4f1d-9d50-5a4476667ab3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**& ]Ɋ& '!X& F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=58c9db2e-eeb1-4934-95b6-890ddf0fe1c0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**& ]Ɋ& ?!X& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=58c9db2e-eeb1-4934-95b6-890ddf0fe1c0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=w**& ]Ɋ& ;!X& F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=58c9db2e-eeb1-4934-95b6-890ddf0fe1c0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9ab**& ]Ɋ& 3!X& F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=58c9db2e-eeb1-4934-95b6-890ddf0fe1c0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**& ]Ɋ& 3!X& F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=58c9db2e-eeb1-4934-95b6-890ddf0fe1c0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b15**& ]Ɋ& 5!X& F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=58c9db2e-eeb1-4934-95b6-890ddf0fe1c0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0& ]Ɋ& !& F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=58c9db2e-eeb1-4934-95b6-890ddf0fe1c0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=fb9ca1fa-4399-47cf-9224-931ac1ed1ce4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ro0**@ ]Ɋ& ! F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=58c9db2e-eeb1-4934-95b6-890ddf0fe1c0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=fb9ca1fa-4399-47cf-9224-931ac1ed1ce4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**+4 ]Ɋ& )!X+4 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ecd6c387-755f-4c2c-86af-b756c969eab3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= **+4 ]Ɋ& A!X+4 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ecd6c387-755f-4c2c-86af-b756c969eab3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=line**+4 ]Ɋ& =!X+4 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ecd6c387-755f-4c2c-86af-b756c969eab3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= |**+4 ]Ɋ& 5!X+4 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ecd6c387-755f-4c2c-86af-b756c969eab3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt**+4 ]Ɋ& 5!X+4 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ecd6c387-755f-4c2c-86af-b756c969eab3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**+4 ]Ɋ& 7!X+4 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ecd6c387-755f-4c2c-86af-b756c969eab3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0+4 ]Ɋ& !+4 F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ecd6c387-755f-4c2c-86af-b756c969eab3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=85b484c8-9a83-4830-8850-7788d95e8118 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@$5 ]Ɋ& !$5 F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ecd6c387-755f-4c2c-86af-b756c969eab3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=85b484c8-9a83-4830-8850-7788d95e8118 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te=@**X$5 ]Ɋ& !X$5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dc4283f1-2e32-42d3-b8eb-0f0b69dd10d0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p$5 ]Ɋ& !X$5 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dc4283f1-2e32-42d3-b8eb-0f0b69dd10d0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=menp**h$5 ]Ɋ& !X$5 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dc4283f1-2e32-42d3-b8eb-0f0b69dd10d0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rh**`$5 ]Ɋ& !X$5 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dc4283f1-2e32-42d3-b8eb-0f0b69dd10d0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e`**`$5 ]Ɋ& !X$5 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dc4283f1-2e32-42d3-b8eb-0f0b69dd10d0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**h$5 ]Ɋ& !X$5 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dc4283f1-2e32-42d3-b8eb-0f0b69dd10d0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateh**X5 ]Ɋ&  !X5 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dc4283f1-2e32-42d3-b8eb-0f0b69dd10d0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=289e5fde-b0ac-44b9-b05a-7fe890b8a365 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**X5 ]Ɋ& !X5 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dc4283f1-2e32-42d3-b8eb-0f0b69dd10d0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=289e5fde-b0ac-44b9-b05a-7fe890b8a365 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**8X5 ]Ɋ& !XX5 F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=77b47b98-5be7-474c-971c-7a1533eafd99 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 8**PX5 ]Ɋ& !XX5 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=77b47b98-5be7-474c-971c-7a1533eafd99 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SP**PX5 ]Ɋ& !XX5 F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=77b47b98-5be7-474c-971c-7a1533eafd99 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateP**HX5 ]Ɋ& !XX5 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=77b47b98-5be7-474c-971c-7a1533eafd99 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPH**HX5 ]Ɋ& !XX5 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=77b47b98-5be7-474c-971c-7a1533eafd99 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==RegH**HX5 ]Ɋ& !XX5 F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=77b47b98-5be7-474c-971c-7a1533eafd99 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovH**X5 ]Ɋ& !X5 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=77b47b98-5be7-474c-971c-7a1533eafd99 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=827bd198-4fce-46f9-8917-016154d16a80 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iou**X5 ]Ɋ& !X5 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=77b47b98-5be7-474c-971c-7a1533eafd99 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=827bd198-4fce-46f9-8917-016154d16a80 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **XU6 ]Ɋ& !XU6 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f7106857-7b6b-4299-8889-cf33e5653060 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FX**pU6 ]Ɋ& !XU6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f7106857-7b6b-4299-8889-cf33e5653060 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ne=p**hU6 ]Ɋ& !XU6 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f7106857-7b6b-4299-8889-cf33e5653060 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh**`U6 ]Ɋ& !XU6 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f7106857-7b6b-4299-8889-cf33e5653060 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iz`**`U6 ]Ɋ& !XU6 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f7106857-7b6b-4299-8889-cf33e5653060 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| `**`U6 ]Ɋ& !XU6 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f7106857-7b6b-4299-8889-cf33e5653060 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0`**U6 ]Ɋ& !U6 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f7106857-7b6b-4299-8889-cf33e5653060 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=58869793-0fea-4e9f-937b-8f198730f237 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**U6 ]Ɋ& !U6 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f7106857-7b6b-4299-8889-cf33e5653060 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=58869793-0fea-4e9f-937b-8f198730f237 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**(6 ]Ɋ& !X6 F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=60176c5d-ad99-4b7f-9010-8e25e343fbfd HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@6 ]Ɋ& !X6 F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=60176c5d-ad99-4b7f-9010-8e25e343fbfd HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@6 ]Ɋ& !X6 F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=60176c5d-ad99-4b7f-9010-8e25e343fbfd HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wid@**86 ]Ɋ& !X6 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=60176c5d-ad99-4b7f-9010-8e25e343fbfd HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[Da8**86 ]Ɋ& !X6 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=60176c5d-ad99-4b7f-9010-8e25e343fbfd HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\Un8**86 ]Ɋ& !X6 F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=60176c5d-ad99-4b7f-9010-8e25e343fbfd HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on8**6 ]Ɋ& !6 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=60176c5d-ad99-4b7f-9010-8e25e343fbfd HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=834cee7d-463b-4f05-82ac-08e993fb87cc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id CommandNam ]Ɋ&  7 F&+ϖS ElfChnk%%pFeVڢMu=VysMc&&** 7 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! y!7 F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=60176c5d-ad99-4b7f-9010-8e25e343fbfd HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=834cee7d-463b-4f05-82ac-08e993fb87cc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **Xv9 ]Ɋ& !Xv9 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c1894a0d-5270-4fde-8d47-cfa8ad0a6948 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sX**pv9 ]Ɋ& !Xv9 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c1894a0d-5270-4fde-8d47-cfa8ad0a6948 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=np**pv9 ]Ɋ& !Xv9 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c1894a0d-5270-4fde-8d47-cfa8ad0a6948 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izep**hv9 ]Ɋ& !Xv9 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c1894a0d-5270-4fde-8d47-cfa8ad0a6948 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ginh**hv9 ]Ɋ& !Xv9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c1894a0d-5270-4fde-8d47-cfa8ad0a6948 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dTyh**hv9 ]Ɋ& !Xv9 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c1894a0d-5270-4fde-8d47-cfa8ad0a6948 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&h**v9 ]Ɋ&  !v9 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c1894a0d-5270-4fde-8d47-cfa8ad0a6948 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6f1e1208-f8be-44cd-8bf0-850fe3c30848 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ov** : ]Ɋ& ! : F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c1894a0d-5270-4fde-8d47-cfa8ad0a6948 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6f1e1208-f8be-44cd-8bf0-850fe3c30848 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host** : ]Ɋ& '!X : F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2319a031-1f7e-4ee7-8268-ae557912fc39 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4** : ]Ɋ& ?!X : F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2319a031-1f7e-4ee7-8268-ae557912fc39 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1** : ]Ɋ& ;!X : F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2319a031-1f7e-4ee7-8268-ae557912fc39 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sta** : ]Ɋ& 3!X : F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2319a031-1f7e-4ee7-8268-ae557912fc39 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id=** : ]Ɋ& 3!X : F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2319a031-1f7e-4ee7-8268-ae557912fc39 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ate** : ]Ɋ& 5!X : F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2319a031-1f7e-4ee7-8268-ae557912fc39 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in**0 : ]Ɋ& ! : F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2319a031-1f7e-4ee7-8268-ae557912fc39 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=dba7359e-0b82-437f-b7dd-d08d35c2a3c6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=st0**@; ]Ɋ& !; F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2319a031-1f7e-4ee7-8268-ae557912fc39 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=dba7359e-0b82-437f-b7dd-d08d35c2a3c6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNam@**0 ]Ɋ& )!X0 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7f47803b-cef8-452a-a543-69f57dabcaa4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**0 ]Ɋ& A!X0 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7f47803b-cef8-452a-a543-69f57dabcaa4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ant**0 ]Ɋ& =!X0 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7f47803b-cef8-452a-a543-69f57dabcaa4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**0 ]Ɋ& 5!X0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7f47803b-cef8-452a-a543-69f57dabcaa4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI** 0 ]Ɋ& 5!X0  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7f47803b-cef8-452a-a543-69f57dabcaa4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eq** 0 ]Ɋ& 7!X0  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7f47803b-cef8-452a-a543-69f57dabcaa4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**0 0 ]Ɋ& !0  F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7f47803b-cef8-452a-a543-69f57dabcaa4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=18338889-622c-453d-a266-893947dd9bfb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@ D ]Ɋ& !D  F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7f47803b-cef8-452a-a543-69f57dabcaa4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=18338889-622c-453d-a266-893947dd9bfb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&@**X ] ]Ɋ& !X]  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f290c269-85d8-4dae-8092-187291fcd8aa HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CX**p] ]Ɋ& !X] F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f290c269-85d8-4dae-8092-187291fcd8aa HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==p**h] ]Ɋ& !X] F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f290c269-85d8-4dae-8092-187291fcd8aa HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`] ]Ɋ& !X] F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f290c269-85d8-4dae-8092-187291fcd8aa HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`] ]Ɋ& !X] F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f290c269-85d8-4dae-8092-187291fcd8aa HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h] ]Ɋ& !X] F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f290c269-85d8-4dae-8092-187291fcd8aa HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**] ]Ɋ&  !] F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f290c269-85d8-4dae-8092-187291fcd8aa HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2eef69ee-bb01-4bc9-870f-9b9ac08e77ac PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**] ]Ɋ& !] F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f290c269-85d8-4dae-8092-187291fcd8aa HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2eef69ee-bb01-4bc9-870f-9b9ac08e77ac PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ew**8] ]Ɋ& !X] F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=af83cfb9-0371-47fd-804f-e2f8e8a8b39a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P] ]Ɋ& !X] F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=af83cfb9-0371-47fd-804f-e2f8e8a8b39a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P] ]Ɋ& !X] F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=af83cfb9-0371-47fd-804f-e2f8e8a8b39a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**H] ]Ɋ& !X] F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=af83cfb9-0371-47fd-804f-e2f8e8a8b39a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H] ]Ɋ& !X] F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=af83cfb9-0371-47fd-804f-e2f8e8a8b39a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&H**H] ]Ɋ& !X] F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=af83cfb9-0371-47fd-804f-e2f8e8a8b39a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**] ]Ɋ& !] F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=af83cfb9-0371-47fd-804f-e2f8e8a8b39a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4d34ff4c-7766-48a8-ad46-e7ff7f12b269 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**u ]Ɋ& !u F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=af83cfb9-0371-47fd-804f-e2f8e8a8b39a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4d34ff4c-7766-48a8-ad46-e7ff7f12b269 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Xu ]Ɋ& !Xu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5b12144d-b406-4fea-baf6-2acd9cc7c5d6 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dPatX**pu ]Ɋ& !Xu F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5b12144d-b406-4fea-baf6-2acd9cc7c5d6 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nginp**hu ]Ɋ& !Xu F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5b12144d-b406-4fea-baf6-2acd9cc7c5d6 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=alh**` u ]Ɋ& !Xu  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5b12144d-b406-4fea-baf6-2acd9cc7c5d6 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fi`**`!u ]Ɋ& !Xu! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5b12144d-b406-4fea-baf6-2acd9cc7c5d6 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on`**`"u ]Ɋ& !Xu" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5b12144d-b406-4fea-baf6-2acd9cc7c5d6 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**#u ]Ɋ& !u# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5b12144d-b406-4fea-baf6-2acd9cc7c5d6 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c51534db-293d-494e-8900-65a4a1cd3950 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**$u ]Ɋ& !u$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5b12144d-b406-4fea-baf6-2acd9cc7c5d6 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c51534db-293d-494e-8900-65a4a1cd3950 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=man**(%u ]Ɋ& !Xu% F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=775fc211-cfdf-457a-8a65-6b9daddcb845 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(andType= S ]Ɋ&  Xu& F&  7 F&+ϖS ElfChnk&V&V0^L8 Mu=VysMc&&**H &u ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! '!Xu& F&F%g>9{p(xlMD EventDatauoData !BinarytEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=775fc211-cfdf-457a-8a65-6b9daddcb845 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptH **@'u ]Ɋ& !Xu' F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=775fc211-cfdf-457a-8a65-6b9daddcb845 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eIn@**8(u ]Ɋ& !Xu( F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=775fc211-cfdf-457a-8a65-6b9daddcb845 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=isp8**8)u ]Ɋ& !Xu) F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=775fc211-cfdf-457a-8a65-6b9daddcb845 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HK8**8*u ]Ɋ& !Xu* F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=775fc211-cfdf-457a-8a65-6b9daddcb845 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nc8**+u ]Ɋ& !u+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=775fc211-cfdf-457a-8a65-6b9daddcb845 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=00eb040e-3101-4c84-a852-cf1e3545b83f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**, ]Ɋ& !, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=775fc211-cfdf-457a-8a65-6b9daddcb845 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=00eb040e-3101-4c84-a852-cf1e3545b83f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNa**X-N ]Ɋ& !XN- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b0335324-6a1a-4082-be0e-fcefd2c2e6fd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p.N ]Ɋ& !XN. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b0335324-6a1a-4082-be0e-fcefd2c2e6fd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=np**p/N ]Ɋ& !XN/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b0335324-6a1a-4082-be0e-fcefd2c2e6fd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f1ep**h0N ]Ɋ& !XN0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b0335324-6a1a-4082-be0e-fcefd2c2e6fd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dTyh**h1N ]Ɋ& !XN1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b0335324-6a1a-4082-be0e-fcefd2c2e6fd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= :h**h2N ]Ɋ& !XN2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b0335324-6a1a-4082-be0e-fcefd2c2e6fd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**3N ]Ɋ&  !N3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b0335324-6a1a-4082-be0e-fcefd2c2e6fd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b8550e32-76ed-4241-8155-3e3a7bb2bb2c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=**4p ]Ɋ& !p4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b0335324-6a1a-4082-be0e-fcefd2c2e6fd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b8550e32-76ed-4241-8155-3e3a7bb2bb2c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wers**5p ]Ɋ& '!Xp5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=769ae6ba-cdf6-451b-9a5b-c0f295b9f6ac HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**6p ]Ɋ& ?!Xp6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=769ae6ba-cdf6-451b-9a5b-c0f295b9f6ac HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1**7p ]Ɋ& ;!Xp7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=769ae6ba-cdf6-451b-9a5b-c0f295b9f6ac HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stV**8p ]Ɋ& 3!Xp8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=769ae6ba-cdf6-451b-9a5b-c0f295b9f6ac HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Com**9p ]Ɋ& 3!Xp9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=769ae6ba-cdf6-451b-9a5b-c0f295b9f6ac HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ver**:p ]Ɋ& 5!Xp: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=769ae6ba-cdf6-451b-9a5b-c0f295b9f6ac HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **0;p ]Ɋ& !p; F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=769ae6ba-cdf6-451b-9a5b-c0f295b9f6ac HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=ba62d716-6c03-4005-a077-c98de1ce79b1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a40**@<{  ]Ɋ& !{ < F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=769ae6ba-cdf6-451b-9a5b-c0f295b9f6ac HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=ba62d716-6c03-4005-a077-c98de1ce79b1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==@**== : ]Ɋ& )!X= := F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e000babe-b15e-4b58-a6d6-ff183c4aef0e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNam**>= : ]Ɋ& A!X= :> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e000babe-b15e-4b58-a6d6-ff183c4aef0e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**?= : ]Ɋ& =!X= :? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e000babe-b15e-4b58-a6d6-ff183c4aef0e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= A**@= : ]Ɋ& 5!X= :@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e000babe-b15e-4b58-a6d6-ff183c4aef0e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**A= : ]Ɋ& 5!X= :A F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e000babe-b15e-4b58-a6d6-ff183c4aef0e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI**B= : ]Ɋ& 7!X= :B F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e000babe-b15e-4b58-a6d6-ff183c4aef0e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=q**0C= : ]Ɋ& != :C F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e000babe-b15e-4b58-a6d6-ff183c4aef0e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=85bec2c1-0c47-4ecf-b4ca-35df043bf350 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@Dj ": ]Ɋ& !j ":D F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e000babe-b15e-4b58-a6d6-ff183c4aef0e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=85bec2c1-0c47-4ecf-b4ca-35df043bf350 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**XEj ": ]Ɋ& !Xj ":E F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7eb8d7c0-9ebd-4869-8afc-3fbe226a9c03 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pFj ": ]Ɋ& !Xj ":F F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7eb8d7c0-9ebd-4869-8afc-3fbe226a9c03 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hGj ": ]Ɋ& !Xj ":G F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7eb8d7c0-9ebd-4869-8afc-3fbe226a9c03 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]h**`Hj ": ]Ɋ& !Xj ":H F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7eb8d7c0-9ebd-4869-8afc-3fbe226a9c03 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`Ij ": ]Ɋ& !Xj ":I F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7eb8d7c0-9ebd-4869-8afc-3fbe226a9c03 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hJj ": ]Ɋ& !Xj ":J F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7eb8d7c0-9ebd-4869-8afc-3fbe226a9c03 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leSh**Kj ": ]Ɋ&  !j ":K F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7eb8d7c0-9ebd-4869-8afc-3fbe226a9c03 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e82ec0cf-cc3a-4813-9588-e4c4545d9467 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Non**Lj ": ]Ɋ& !j ":L F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7eb8d7c0-9ebd-4869-8afc-3fbe226a9c03 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e82ec0cf-cc3a-4813-9588-e4c4545d9467 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**8Mj ": ]Ɋ& !Xj ":M F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=beb44205-0330-49a8-ad60-003266a41a8c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s 8**PNj ": ]Ɋ& !Xj ":N F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=beb44205-0330-49a8-ad60-003266a41a8c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rNP**POj ": ]Ɋ& !Xj ":O F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=beb44205-0330-49a8-ad60-003266a41a8c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=StaP**HPj ": ]Ɋ& !Xj ":P F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=beb44205-0330-49a8-ad60-003266a41a8c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HQj ": ]Ɋ& !Xj ":Q F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=beb44205-0330-49a8-ad60-003266a41a8c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HRj ": ]Ɋ& !Xj ":R F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=beb44205-0330-49a8-ad60-003266a41a8c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Sj ": ]Ɋ& !j ":S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=beb44205-0330-49a8-ad60-003266a41a8c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5e5f362c-ea5e-4dcc-8ed9-dc9392ec7853 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**T": ]Ɋ& !":T F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=beb44205-0330-49a8-ad60-003266a41a8c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5e5f362c-ea5e-4dcc-8ed9-dc9392ec7853 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**XU": ]Ɋ& !X":U F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=07a0470f-f24e-44fb-ab42-359bdd7d96f7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pV": ]Ɋ& !X":V F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=07a0470f-f24e-44fb-ab42-359bdd7d96f7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndTyp= ScriptNa ]Ɋ& = X":W F&  Xu& F&  7 F&+ϖS ElfChnkWW(xIPɒaCMu=VysMc&&**pW": ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! M!X":W F&F%g>9{p(xlMD EventDatauoData !BinaryFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=07a0470f-f24e-44fb-ab42-359bdd7d96f7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=p**`X": ]Ɋ& !X":X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=07a0470f-f24e-44fb-ab42-359bdd7d96f7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io`**`Y": ]Ɋ& !X":Y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=07a0470f-f24e-44fb-ab42-359bdd7d96f7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=le`**`Z": ]Ɋ& !X":Z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=07a0470f-f24e-44fb-ab42-359bdd7d96f7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H`**[": ]Ɋ& !":[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=07a0470f-f24e-44fb-ab42-359bdd7d96f7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=721fc064-fd03-4e83-8aca-604889186687 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**\": ]Ɋ& !":\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=07a0470f-f24e-44fb-ab42-359bdd7d96f7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=721fc064-fd03-4e83-8aca-604889186687 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ila**(]": ]Ɋ& !X":] F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9c7f6917-747b-4d66-87b2-4c790f8fa56b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@^": ]Ɋ& !X":^ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9c7f6917-747b-4d66-87b2-4c790f8fa56b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@_": ]Ɋ& !X":_ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9c7f6917-747b-4d66-87b2-4c790f8fa56b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h 6@**8`": ]Ɋ& !X":` F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9c7f6917-747b-4d66-87b2-4c790f8fa56b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eTi8**8a": ]Ɋ& !X":a F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9c7f6917-747b-4d66-87b2-4c790f8fa56b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nst8**8b": ]Ɋ& !X":b F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9c7f6917-747b-4d66-87b2-4c790f8fa56b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.08**c": ]Ɋ& !":c F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9c7f6917-747b-4d66-87b2-4c790f8fa56b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=8931bef8-0e47-4c97-b167-a77b0c53fefd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **d;#: ]Ɋ& !;#:d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9c7f6917-747b-4d66-87b2-4c790f8fa56b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=8931bef8-0e47-4c97-b167-a77b0c53fefd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N**Xel$: ]Ɋ& !Xl$:e F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7d795cf1-d5c5-4961-aaba-d9a6cf7f1ef8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pfl$: ]Ɋ& !Xl$:f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7d795cf1-d5c5-4961-aaba-d9a6cf7f1ef8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cp**pgl$: ]Ɋ& !Xl$:g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7d795cf1-d5c5-4961-aaba-d9a6cf7f1ef8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Comp**hhl$: ]Ɋ& !Xl$:h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7d795cf1-d5c5-4961-aaba-d9a6cf7f1ef8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ih**hil$: ]Ɋ& !Xl$:i F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7d795cf1-d5c5-4961-aaba-d9a6cf7f1ef8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!h**hjl$: ]Ɋ& !Xl$:j F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7d795cf1-d5c5-4961-aaba-d9a6cf7f1ef8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=meh**kl$: ]Ɋ&  !l$:k F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7d795cf1-d5c5-4961-aaba-d9a6cf7f1ef8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=679a225e-00d5-4e75-b361-2a57b2d79901 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI**lZ%: ]Ɋ& !Z%:l F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7d795cf1-d5c5-4961-aaba-d9a6cf7f1ef8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=679a225e-00d5-4e75-b361-2a57b2d79901 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= . |**mZ%: ]Ɋ& '!XZ%:m F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=df4da003-2225-490d-a66a-0ee9de2226ba HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**nZ%: ]Ɋ& ?!XZ%:n F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=df4da003-2225-490d-a66a-0ee9de2226ba HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**oZ%: ]Ɋ& ;!XZ%:o F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=df4da003-2225-490d-a66a-0ee9de2226ba HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c4a**pZ%: ]Ɋ& 3!XZ%:p F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=df4da003-2225-490d-a66a-0ee9de2226ba HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&**qZ%: ]Ɋ& 3!XZ%:q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=df4da003-2225-490d-a66a-0ee9de2226ba HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=aef**rZ%: ]Ɋ& 5!XZ%:r F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=df4da003-2225-490d-a66a-0ee9de2226ba HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0sZ%: ]Ɋ& !Z%:s F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=df4da003-2225-490d-a66a-0ee9de2226ba HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=201b4121-c77f-44a7-a2c3-85df558e78ac PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=le0**@t%: ]Ɋ& !%:t F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=df4da003-2225-490d-a66a-0ee9de2226ba HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=201b4121-c77f-44a7-a2c3-85df558e78ac PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**uqN ]Ɋ& )!XqNu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5323e442-b030-4df4-bf56-ac48a1fc4701 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Com**vqN ]Ɋ& A!XqNv F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5323e442-b030-4df4-bf56-ac48a1fc4701 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id= **wqN ]Ɋ& =!XqNw F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5323e442-b030-4df4-bf56-ac48a1fc4701 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ut**xqN ]Ɋ& 5!XqNx F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5323e442-b030-4df4-bf56-ac48a1fc4701 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2 **yqN ]Ɋ& 5!XqNy F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5323e442-b030-4df4-bf56-ac48a1fc4701 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ca**zqN ]Ɋ& 7!XqNz F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5323e442-b030-4df4-bf56-ac48a1fc4701 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**0{qN ]Ɋ& !qN{ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5323e442-b030-4df4-bf56-ac48a1fc4701 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=882e67e4-e860-41d0-8193-679b1d33b9ab PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t0**@| O ]Ɋ& ! O| F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5323e442-b030-4df4-bf56-ac48a1fc4701 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=882e67e4-e860-41d0-8193-679b1d33b9ab PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=top@**X} O ]Ɋ& !X O} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=433d0132-5a67-46f4-8d17-11780684ce92 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p~ O ]Ɋ& !X O~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=433d0132-5a67-46f4-8d17-11780684ce92 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stp**h O ]Ɋ& !X O F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=433d0132-5a67-46f4-8d17-11780684ce92 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dh**` O ]Ɋ& !X O F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=433d0132-5a67-46f4-8d17-11780684ce92 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n`**` O ]Ɋ& !X O F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=433d0132-5a67-46f4-8d17-11780684ce92 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P`**h O ]Ɋ& !X O F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=433d0132-5a67-46f4-8d17-11780684ce92 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Stah** O ]Ɋ&  ! O F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=433d0132-5a67-46f4-8d17-11780684ce92 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2d10c05a-9a79-4d3c-acd6-1e4567f2fa01 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**O ]Ɋ& !O F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=433d0132-5a67-46f4-8d17-11780684ce92 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2d10c05a-9a79-4d3c-acd6-1e4567f2fa01 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**8O ]Ɋ& !XO F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1cd35a6a-73f6-4add-9dd6-726c1d6216ee HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**PO ]Ɋ& !XO F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1cd35a6a-73f6-4add-9dd6-726c1d6216ee HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ueP**PO ]Ɋ& !XO F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1cd35a6a-73f6-4add-9dd6-726c1d6216ee HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P  ]Ɋ& F&+XElfChnk0i&Mu=VysMc&&**HO ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! )!XO F&F%g>9{p(xlMD EventDatauoData !BinaryvFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1cd35a6a-73f6-4add-9dd6-726c1d6216ee HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**HO ]Ɋ& !XO F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1cd35a6a-73f6-4add-9dd6-726c1d6216ee HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CH**HO ]Ɋ& !XO F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1cd35a6a-73f6-4add-9dd6-726c1d6216ee HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ScrH**O ]Ɋ& !O F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1cd35a6a-73f6-4add-9dd6-726c1d6216ee HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d2cd949a-489b-4c4d-aa12-743b8d831d3f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C**O ]Ɋ& !O F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1cd35a6a-73f6-4add-9dd6-726c1d6216ee HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d2cd949a-489b-4c4d-aa12-743b8d831d3f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**XO ]Ɋ& !XO F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=005ce98a-49be-4003-b147-4c687d682c84 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoX**pO ]Ɋ& !XO F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=005ce98a-49be-4003-b147-4c687d682c84 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sortp**hO ]Ɋ& !XO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=005ce98a-49be-4003-b147-4c687d682c84 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bah**`O ]Ɋ& !XO F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=005ce98a-49be-4003-b147-4c687d682c84 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=os`**`O ]Ɋ& !XO F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=005ce98a-49be-4003-b147-4c687d682c84 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eq`**`O ]Ɋ& !XO F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=005ce98a-49be-4003-b147-4c687d682c84 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**O ]Ɋ& !O F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=005ce98a-49be-4003-b147-4c687d682c84 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=db1f88a7-4b81-4ac2-955b-acf5a35706e9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**;P ]Ɋ& !;P F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=005ce98a-49be-4003-b147-4c687d682c84 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=db1f88a7-4b81-4ac2-955b-acf5a35706e9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **(;P ]Ɋ& !X;P F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=341e4600-7f33-4acd-adb1-bcc8cec950b0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7(**@;P ]Ɋ& !X;P F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=341e4600-7f33-4acd-adb1-bcc8cec950b0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=V@**@;P ]Ɋ& !X;P F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=341e4600-7f33-4acd-adb1-bcc8cec950b0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te'@**8;P ]Ɋ& !X;P F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=341e4600-7f33-4acd-adb1-bcc8cec950b0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ent8**8;P ]Ɋ& !X;P F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=341e4600-7f33-4acd-adb1-bcc8cec950b0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t 8**8;P ]Ɋ& !X;P F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=341e4600-7f33-4acd-adb1-bcc8cec950b0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**;P ]Ɋ& !;P F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=341e4600-7f33-4acd-adb1-bcc8cec950b0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=64379a27-2958-4862-aeb2-cf59e41c6ca3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pe**JP ]Ɋ& !JP F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=341e4600-7f33-4acd-adb1-bcc8cec950b0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=64379a27-2958-4862-aeb2-cf59e41c6ca3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ated**XwR ]Ɋ& !XwR F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=40fd1573-745b-40b1-9a2d-d1cc3c394a8d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pwR ]Ɋ& !XwR F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=40fd1573-745b-40b1-9a2d-d1cc3c394a8d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**pwR ]Ɋ& !XwR F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=40fd1573-745b-40b1-9a2d-d1cc3c394a8d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ultp**hwR ]Ɋ& !XwR F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=40fd1573-745b-40b1-9a2d-d1cc3c394a8d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dthh**hwR ]Ɋ& !XwR F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=40fd1573-745b-40b1-9a2d-d1cc3c394a8d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**hwR ]Ɋ& !XwR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=40fd1573-745b-40b1-9a2d-d1cc3c394a8d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nah**wR ]Ɋ&  !wR F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=40fd1573-745b-40b1-9a2d-d1cc3c394a8d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=aacadc04-7d8a-4244-8559-2651671432ad PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**R ]Ɋ& !R F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=40fd1573-745b-40b1-9a2d-d1cc3c394a8d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=aacadc04-7d8a-4244-8559-2651671432ad PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ber=**R ]Ɋ& '!XR F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fbe3dae9-8f92-468f-937a-ae8c83461e20 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**R ]Ɋ& ?!XR F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fbe3dae9-8f92-468f-937a-ae8c83461e20 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **R ]Ɋ& ;!XR F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fbe3dae9-8f92-468f-937a-ae8c83461e20 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**R ]Ɋ& 3!XR F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fbe3dae9-8f92-468f-937a-ae8c83461e20 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ou**R ]Ɋ& 3!XR F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fbe3dae9-8f92-468f-937a-ae8c83461e20 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cti**R ]Ɋ& 5!XR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fbe3dae9-8f92-468f-937a-ae8c83461e20 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= -**0R ]Ɋ& !R F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fbe3dae9-8f92-468f-937a-ae8c83461e20 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=9ebf32d7-12c5-441e-b24e-8624dd1de113 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te0**@6S ]Ɋ& !6S F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fbe3dae9-8f92-468f-937a-ae8c83461e20 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=9ebf32d7-12c5-441e-b24e-8624dd1de113 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4-e8@**]' ]Ɋ& )!X]' F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8a414d15-4c93-4197-a972-9582bdfd83ba HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oduc**]' ]Ɋ& A!X]' F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8a414d15-4c93-4197-a972-9582bdfd83ba HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mIns**]' ]Ɋ& =!X]' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8a414d15-4c93-4197-a972-9582bdfd83ba HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-5**]' ]Ɋ& 5!X]' F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8a414d15-4c93-4197-a972-9582bdfd83ba HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=**]' ]Ɋ& 5!X]' F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8a414d15-4c93-4197-a972-9582bdfd83ba HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ov**]' ]Ɋ& 7!X]' F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8a414d15-4c93-4197-a972-9582bdfd83ba HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0' ]Ɋ& !' F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8a414d15-4c93-4197-a972-9582bdfd83ba HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=22b9d745-a312-484c-a617-6b1762a47317 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@L( ]Ɋ& !L( F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8a414d15-4c93-4197-a972-9582bdfd83ba HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=22b9d745-a312-484c-a617-6b1762a47317 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Com@**XL( ]Ɋ& !XL( F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bd1e2f2c-f161-4f70-b6a7-25ce040de3f5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=linX**pL( ]Ɋ& !XL( F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bd1e2f2c-f161-4f70-b6a7-25ce040de3f5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manp**hL( ]Ɋ& !XL( F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bd1e2f2c-f161-4f70-b6a7-25ce040de3f5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rh**`L( ]Ɋ& !XL( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bd1e2f2c-f161-4f70-b6a7-25ce040de3f5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& XL( F&XElfChnkmX!hMu=VysMc&&**hL( ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! G!XL( F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bd1e2f2c-f161-4f70-b6a7-25ce040de3f5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hL( ]Ɋ& !XL( F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bd1e2f2c-f161-4f70-b6a7-25ce040de3f5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**L( ]Ɋ&  !L( F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bd1e2f2c-f161-4f70-b6a7-25ce040de3f5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a9d46938-4dd9-4709-854e-02e0d3de766d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FӸ**!( ]Ɋ& !!( F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bd1e2f2c-f161-4f70-b6a7-25ce040de3f5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a9d46938-4dd9-4709-854e-02e0d3de766d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**8!( ]Ɋ& !X!( F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bc9dd292-7b6f-478e-b038-acf47d797ee8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P!( ]Ɋ& !X!( F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bc9dd292-7b6f-478e-b038-acf47d797ee8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P!( ]Ɋ& !X!( F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bc9dd292-7b6f-478e-b038-acf47d797ee8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**H!( ]Ɋ& !X!( F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bc9dd292-7b6f-478e-b038-acf47d797ee8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&H**H!( ]Ɋ& !X!( F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bc9dd292-7b6f-478e-b038-acf47d797ee8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H!( ]Ɋ& !X!( F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bc9dd292-7b6f-478e-b038-acf47d797ee8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==H**!( ]Ɋ& !!( F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bc9dd292-7b6f-478e-b038-acf47d797ee8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=78374946-eeae-447d-965e-c791b89c7af1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**!( ]Ɋ& !!( F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bc9dd292-7b6f-478e-b038-acf47d797ee8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=78374946-eeae-447d-965e-c791b89c7af1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X!( ]Ɋ& !X!( F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2d881eeb-2753-41f5-9faf-ada9647bb91e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me= X**p!( ]Ɋ& !X!( F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2d881eeb-2753-41f5-9faf-ada9647bb91e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-lasp**h!( ]Ɋ& !X!( F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2d881eeb-2753-41f5-9faf-ada9647bb91e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[Sh**`!( ]Ɋ& !X!( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2d881eeb-2753-41f5-9faf-ada9647bb91e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-U`**`!( ]Ɋ& !X!( F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2d881eeb-2753-41f5-9faf-ada9647bb91e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`!( ]Ɋ& !X!( F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2d881eeb-2753-41f5-9faf-ada9647bb91e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t`**!( ]Ɋ& !!( F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2d881eeb-2753-41f5-9faf-ada9647bb91e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=36036013-d482-4c5c-a97b-263a95b430ff PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**!( ]Ɋ& !!( F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2d881eeb-2753-41f5-9faf-ada9647bb91e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=36036013-d482-4c5c-a97b-263a95b430ff PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dPa**(}) ]Ɋ& !X}) F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cf051519-fe5b-4251-b718-400c5805b057 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a(**@}) ]Ɋ& !X}) F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cf051519-fe5b-4251-b718-400c5805b057 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8@**@}) ]Ɋ& !X}) F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cf051519-fe5b-4251-b718-400c5805b057 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ert@**8}) ]Ɋ& !X}) F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cf051519-fe5b-4251-b718-400c5805b057 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Wow8**8}) ]Ɋ& !X}) F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cf051519-fe5b-4251-b718-400c5805b057 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5b-8**8}) ]Ɋ& !X}) F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cf051519-fe5b-4251-b718-400c5805b057 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fu8**}) ]Ɋ& !}) F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cf051519-fe5b-4251-b718-400c5805b057 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=69063b58-b72d-443e-a1ae-763c7a0c9e1a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nd**N* ]Ɋ& !N* F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cf051519-fe5b-4251-b718-400c5805b057 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=69063b58-b72d-443e-a1ae-763c7a0c9e1a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ineV**X{G+ ]Ɋ& !X{G+ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=765922be-64a3-4e6c-9232-2e07ade453e5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p{G+ ]Ɋ& !X{G+ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=765922be-64a3-4e6c-9232-2e07ade453e5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ep**p{G+ ]Ɋ& !X{G+ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=765922be-64a3-4e6c-9232-2e07ade453e5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=, Ep**h{G+ ]Ɋ& !X{G+ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=765922be-64a3-4e6c-9232-2e07ade453e5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cenh**h{G+ ]Ɋ& !X{G+ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=765922be-64a3-4e6c-9232-2e07ade453e5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=h**h{G+ ]Ɋ& !X{G+ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=765922be-64a3-4e6c-9232-2e07ade453e5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**{G+ ]Ɋ&  !{G+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=765922be-64a3-4e6c-9232-2e07ade453e5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=58804f20-6f37-4098-a360-bc70de2c6b2c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**+ ]Ɋ& !+ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=765922be-64a3-4e6c-9232-2e07ade453e5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=58804f20-6f37-4098-a360-bc70de2c6b2c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rsio**x, ]Ɋ& '!Xx, F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=aac65be1-4c92-42a3-a707-7d363625799e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**x, ]Ɋ& ?!Xx, F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=aac65be1-4c92-42a3-a707-7d363625799e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**x, ]Ɋ& ;!Xx, F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=aac65be1-4c92-42a3-a707-7d363625799e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ne**x, ]Ɋ& 3!Xx, F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=aac65be1-4c92-42a3-a707-7d363625799e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **x, ]Ɋ& 3!Xx, F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=aac65be1-4c92-42a3-a707-7d363625799e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ewP**x, ]Ɋ& 5!Xx, F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=aac65be1-4c92-42a3-a707-7d363625799e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eI**0x, ]Ɋ& !x, F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=aac65be1-4c92-42a3-a707-7d363625799e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=8677561b-485f-4b2e-b093-a7597ff02d44 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me0**@>- ]Ɋ& !>- F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=aac65be1-4c92-42a3-a707-7d363625799e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=8677561b-485f-4b2e-b093-a7597ff02d44 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id= @**TL ]Ɋ& )!XTL F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2717dd51-205a-4c3e-8fbb-6c2c970bf6f4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ut-S**TL ]Ɋ& A!XTL F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2717dd51-205a-4c3e-8fbb-6c2c970bf6f4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2 -C**TL ]Ɋ& =!XTL F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2717dd51-205a-4c3e-8fbb-6c2c970bf6f4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ca**TL ]Ɋ& 5!XTL F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2717dd51-205a-4c3e-8fbb-6c2c970bf6f4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on.0 HostId= ]Ɋ& icXTL F&nce -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& XL( F&XElfChnkp'.Mu=VysMc&&**TL ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !XTL F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2717dd51-205a-4c3e-8fbb-6c2c970bf6f4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **TL ]Ɋ& 7!XTL F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2717dd51-205a-4c3e-8fbb-6c2c970bf6f4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **0TL ]Ɋ& !TL F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2717dd51-205a-4c3e-8fbb-6c2c970bf6f4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a4ce439d-8aaf-4b50-9182-ed23849163d9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d0**@@UL ]Ɋ& !@UL F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2717dd51-205a-4c3e-8fbb-6c2c970bf6f4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a4ce439d-8aaf-4b50-9182-ed23849163d9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ot/@**X@UL ]Ɋ& !X@UL F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=81ff9a03-cdb3-411d-933f-af1da374bd1d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=werX**p@UL ]Ɋ& !X@UL F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=81ff9a03-cdb3-411d-933f-af1da374bd1d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompp**h@UL ]Ɋ& !X@UL F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=81ff9a03-cdb3-411d-933f-af1da374bd1d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fh**`@UL ]Ɋ& !X@UL F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=81ff9a03-cdb3-411d-933f-af1da374bd1d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=E`**`@UL ]Ɋ& !X@UL F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=81ff9a03-cdb3-411d-933f-af1da374bd1d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i`**h@UL ]Ɋ& !X@UL F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=81ff9a03-cdb3-411d-933f-af1da374bd1d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ureLh**DUL ]Ɋ&  !DUL F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=81ff9a03-cdb3-411d-933f-af1da374bd1d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=afc7bdab-f62f-4d92-b2d5-d10a2962136f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=535 **DUL ]Ɋ& !DUL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=81ff9a03-cdb3-411d-933f-af1da374bd1d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=afc7bdab-f62f-4d92-b2d5-d10a2962136f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io**8DUL ]Ɋ& !XDUL F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=025d16b4-62e3-4167-a795-8750069c27f8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yp8**PDUL ]Ɋ& !XDUL F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=025d16b4-62e3-4167-a795-8750069c27f8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNP**PDUL ]Ɋ& !XDUL F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=025d16b4-62e3-4167-a795-8750069c27f8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=EncrP**HDUL ]Ɋ& !XDUL F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=025d16b4-62e3-4167-a795-8750069c27f8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rosoH**HDUL ]Ɋ& !XDUL F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=025d16b4-62e3-4167-a795-8750069c27f8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=secuH**HDUL ]Ɋ& !XDUL F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=025d16b4-62e3-4167-a795-8750069c27f8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RoH**DUL ]Ɋ& !DUL F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=025d16b4-62e3-4167-a795-8750069c27f8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d6d68111-fabe-486e-9f47-27ca3ca972ba PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oft**DUL ]Ɋ& !DUL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=025d16b4-62e3-4167-a795-8750069c27f8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d6d68111-fabe-486e-9f47-27ca3ca972ba PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**XqVL ]Ɋ& !XqVL F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=94bdcbba-c60d-4b89-af33-c8abbd82a2b4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l SeX**pqVL ]Ɋ& !XqVL F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=94bdcbba-c60d-4b89-af33-c8abbd82a2b4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Conp**hqVL ]Ɋ& !XqVL F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=94bdcbba-c60d-4b89-af33-c8abbd82a2b4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fih**`qVL ]Ɋ& !XqVL F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=94bdcbba-c60d-4b89-af33-c8abbd82a2b4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nd`**`qVL ]Ɋ& !XqVL F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=94bdcbba-c60d-4b89-af33-c8abbd82a2b4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng`**`qVL ]Ɋ& !XqVL F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=94bdcbba-c60d-4b89-af33-c8abbd82a2b4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b`**qVL ]Ɋ& !qVL F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=94bdcbba-c60d-4b89-af33-c8abbd82a2b4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a3205cab-e964-4f87-8896-eab841883b4d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=T**qVL ]Ɋ& !qVL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=94bdcbba-c60d-4b89-af33-c8abbd82a2b4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a3205cab-e964-4f87-8896-eab841883b4d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Cu**(qVL ]Ɋ& !XqVL F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=59059b6e-a948-41a1-b79c-db0bc522b647 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1(**@qVL ]Ɋ& !XqVL F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=59059b6e-a948-41a1-b79c-db0bc522b647 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4@**@qVL ]Ɋ& !XqVL F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=59059b6e-a948-41a1-b79c-db0bc522b647 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**8qVL ]Ɋ& !XqVL F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=59059b6e-a948-41a1-b79c-db0bc522b647 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**8 qVL ]Ɋ& !XqVL  F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=59059b6e-a948-41a1-b79c-db0bc522b647 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, 8**8 qVL ]Ɋ& !XqVL  F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=59059b6e-a948-41a1-b79c-db0bc522b647 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ur8** qVL ]Ɋ& !qVL  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=59059b6e-a948-41a1-b79c-db0bc522b647 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=122a00c7-6e23-4c6c-be0b-0f8047d92e53 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= g** q WL ]Ɋ& !q WL  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=59059b6e-a948-41a1-b79c-db0bc522b647 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=122a00c7-6e23-4c6c-be0b-0f8047d92e53 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVe**X lYL ]Ɋ& !XlYL  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=00f924b0-40eb-4daf-941f-46fc494dcbfb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**plYL ]Ɋ& !XlYL F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=00f924b0-40eb-4daf-941f-46fc494dcbfb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**plYL ]Ɋ& !XlYL F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=00f924b0-40eb-4daf-941f-46fc494dcbfb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=as p**hlYL ]Ɋ& !XlYL F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=00f924b0-40eb-4daf-941f-46fc494dcbfb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Conh**hlYL ]Ɋ& !XlYL F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=00f924b0-40eb-4daf-941f-46fc494dcbfb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=636h**hlYL ]Ɋ& !XlYL F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=00f924b0-40eb-4daf-941f-46fc494dcbfb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Ch**lYL ]Ɋ&  !lYL F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=00f924b0-40eb-4daf-941f-46fc494dcbfb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=64aab37b-6b01-409d-a8a2-c371a108e11d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=im**aZL ]Ɋ& !aZL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=00f924b0-40eb-4daf-941f-46fc494dcbfb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=64aab37b-6b01-409d-a8a2-c371a108e11d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S'))**aZL ]Ɋ& '!XaZL F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=95dadae0-cee7-41c7-8ac3-9c8618e62365 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**aZL ]Ɋ& ?!XaZL F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=95dadae0-cee7-41c7-8ac3-9c8618e62365 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=G**aZL ]Ɋ& ;!XaZL F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=95dadae0-cee7-41c7-8ac3-9c8618e62365 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **aZL ]Ɋ& 3!XaZL F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=95dadae0-cee7-41c7-8ac3-9c8618e62365 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion**aZL ]Ɋ& 3!XaZL F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=95dadae0-cee7-41c7-8ac3-9c8618e62365 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoandLine= ]Ɋ& XaZL F& F&nce -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& XL( F&XElfChnkKKp(<ЅCMu=VysMc&&** aZL ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !XaZL F&F%g>9{p(xlMD EventDatauoData !BinaryVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=95dadae0-cee7-41c7-8ac3-9c8618e62365 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4c3 **0aZL ]Ɋ& !aZL F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=95dadae0-cee7-41c7-8ac3-9c8618e62365 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=aead6042-440b-4648-942e-df8b8d57d84b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@ZL ]Ɋ& !ZL F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=95dadae0-cee7-41c7-8ac3-9c8618e62365 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=aead6042-440b-4648-942e-df8b8d57d84b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H@**M ]Ɋ& )!XM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=60f4bbcb-0a31-44b5-a728-baacbc7a38c2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Con**M ]Ɋ& A!XM F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=60f4bbcb-0a31-44b5-a728-baacbc7a38c2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m **M ]Ɋ& =!XM F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=60f4bbcb-0a31-44b5-a728-baacbc7a38c2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** M ]Ɋ& 5!XM  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=60f4bbcb-0a31-44b5-a728-baacbc7a38c2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**!M ]Ɋ& 5!XM! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=60f4bbcb-0a31-44b5-a728-baacbc7a38c2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **"M ]Ɋ& 7!XM" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=60f4bbcb-0a31-44b5-a728-baacbc7a38c2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0#M ]Ɋ& !M# F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=60f4bbcb-0a31-44b5-a728-baacbc7a38c2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5faf83b3-459d-4f24-8719-614f56e2b91a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S0**@$巯 ]Ɋ& !巯$ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=60f4bbcb-0a31-44b5-a728-baacbc7a38c2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5faf83b3-459d-4f24-8719-614f56e2b91a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r2 @**X%J~ ]Ɋ& !XJ~% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6ce07010-1312-47d5-b2ad-797ec48daee6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompX**p&J~ ]Ɋ& !XJ~& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6ce07010-1312-47d5-b2ad-797ec48daee6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl p**h'J~ ]Ɋ& !XJ~' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6ce07010-1312-47d5-b2ad-797ec48daee6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lh**`(J~ ]Ɋ& !XJ~( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6ce07010-1312-47d5-b2ad-797ec48daee6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u`**`)J~ ]Ɋ& !XJ~) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6ce07010-1312-47d5-b2ad-797ec48daee6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a`**h*J~ ]Ɋ& !XJ~* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6ce07010-1312-47d5-b2ad-797ec48daee6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Quich**+J~ ]Ɋ&  !J~+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6ce07010-1312-47d5-b2ad-797ec48daee6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=66b19b12-4b48-4731-b69b-ef4d86cded10 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion=**,J~ ]Ɋ& !J~, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6ce07010-1312-47d5-b2ad-797ec48daee6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=66b19b12-4b48-4731-b69b-ef4d86cded10 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**8-J~ ]Ɋ& !XJ~- F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=521c892a-bd47-47e2-a93a-fa44f0d48016 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ou8**P.J~ ]Ɋ& !XJ~. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=521c892a-bd47-47e2-a93a-fa44f0d48016 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ypP**P/J~ ]Ɋ& !XJ~/ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=521c892a-bd47-47e2-a93a-fa44f0d48016 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNamP**H0J~ ]Ɋ& !XJ~0 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=521c892a-bd47-47e2-a93a-fa44f0d48016 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yptiH**H1J~ ]Ɋ& !XJ~1 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=521c892a-bd47-47e2-a93a-fa44f0d48016 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ftVoH**H2J~ ]Ɋ& !XJ~2 F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=521c892a-bd47-47e2-a93a-fa44f0d48016 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ritH**3J~ ]Ɋ& !J~3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=521c892a-bd47-47e2-a93a-fa44f0d48016 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=60a3d2a4-6790-4c27-9d97-7c0d725b37b6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion**4J~ ]Ɋ& !J~4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=521c892a-bd47-47e2-a93a-fa44f0d48016 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=60a3d2a4-6790-4c27-9d97-7c0d725b37b6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**X5 ]Ɋ& !X5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6a1fda27-491f-4f19-b986-e61f81ce3904 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-US;X**p6 ]Ɋ& !X6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6a1fda27-491f-4f19-b986-e61f81ce3904 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ostVp**h7 ]Ɋ& !X7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6a1fda27-491f-4f19-b986-e61f81ce3904 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=edh**`8 ]Ɋ& !X8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6a1fda27-491f-4f19-b986-e61f81ce3904 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=*`**`9 ]Ɋ& !X9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6a1fda27-491f-4f19-b986-e61f81ce3904 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ru`**`: ]Ɋ& !X: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6a1fda27-491f-4f19-b986-e61f81ce3904 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**; ]Ɋ& !; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6a1fda27-491f-4f19-b986-e61f81ce3904 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e57d9f34-a4be-4ee2-a88b-9b55c90ea907 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**< ]Ɋ& !< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6a1fda27-491f-4f19-b986-e61f81ce3904 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e57d9f34-a4be-4ee2-a88b-9b55c90ea907 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Get**(= ]Ɋ& !X= F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f1418be4-58ab-46bf-b6df-32f3d3921ec1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6(**@> ]Ɋ& !X> F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f1418be4-58ab-46bf-b6df-32f3d3921ec1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9@**@? ]Ɋ& !X? F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f1418be4-58ab-46bf-b6df-32f3d3921ec1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**8@ ]Ɋ& !X@ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f1418be4-58ab-46bf-b6df-32f3d3921ec1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C8**8A ]Ɋ& !XA F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f1418be4-58ab-46bf-b6df-32f3d3921ec1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bal8**8B ]Ɋ& !XB F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f1418be4-58ab-46bf-b6df-32f3d3921ec1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in8**C ]Ɋ& !C F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f1418be4-58ab-46bf-b6df-32f3d3921ec1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=1c4c9bfd-3e5e-4183-be1b-25dd0529ed7e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=RE**Dw ]Ɋ& !wD F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f1418be4-58ab-46bf-b6df-32f3d3921ec1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=1c4c9bfd-3e5e-4183-be1b-25dd0529ed7e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**XE:y ]Ɋ& !X:yE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0335c974-713c-46ea-9935-72d8549161a3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4X**pF:y ]Ɋ& !X:yF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0335c974-713c-46ea-9935-72d8549161a3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1p**pG:y ]Ɋ& !X:yG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0335c974-713c-46ea-9935-72d8549161a3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stap**hH:y ]Ɋ& !X:yH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0335c974-713c-46ea-9935-72d8549161a3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVh**hI:y ]Ɋ& !X:yI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0335c974-713c-46ea-9935-72d8549161a3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Apph**hJ:y ]Ɋ& !X:yJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0335c974-713c-46ea-9935-72d8549161a3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| h**K:y ]Ɋ&  !:yK F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0335c974-713c-46ea-9935-72d8549161a3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=31258e55-4cce-4eef-97ef-2b66bc844930 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sbe.properties ]Ɋ& CuL F&n-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoandLine= ]Ɋ& XaZL F& F&nce -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& XL( F&XElfChnkL~L~x$ZhmMu=VysMc&&** L ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !L F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0335c974-713c-46ea-9935-72d8549161a3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=31258e55-4cce-4eef-97ef-2b66bc844930 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **M ]Ɋ& '!XM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=75766b21-645e-49aa-baf5-2afc987e1302 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**N ]Ɋ& ?!XN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=75766b21-645e-49aa-baf5-2afc987e1302 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**O ]Ɋ& ;!XO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=75766b21-645e-49aa-baf5-2afc987e1302 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**P ]Ɋ& 3!XP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=75766b21-645e-49aa-baf5-2afc987e1302 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Q ]Ɋ& 3!XQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=75766b21-645e-49aa-baf5-2afc987e1302 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ica**R ]Ɋ& 5!XR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=75766b21-645e-49aa-baf5-2afc987e1302 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0S ]Ɋ& !S F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=75766b21-645e-49aa-baf5-2afc987e1302 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=3f960cee-546d-48ea-8f54-1e596048e0f6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ow0**@Tg ]Ɋ& !gT F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=75766b21-645e-49aa-baf5-2afc987e1302 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=3f960cee-546d-48ea-8f54-1e596048e0f6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**@**U"m ]Ɋ& )!X"mU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f21b3545-d8ce-444e-8cd8-bb832126e683 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mman**V"m ]Ɋ& A!X"mV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f21b3545-d8ce-444e-8cd8-bb832126e683 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-wid**W"m ]Ɋ& =!X"mW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f21b3545-d8ce-444e-8cd8-bb832126e683 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iv**X"m ]Ɋ& 5!X"mX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f21b3545-d8ce-444e-8cd8-bb832126e683 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l **Y"m ]Ɋ& 5!X"mY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f21b3545-d8ce-444e-8cd8-bb832126e683 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==6**Z"m ]Ɋ& 7!X"mZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f21b3545-d8ce-444e-8cd8-bb832126e683 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0["m ]Ɋ& !"m[ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f21b3545-d8ce-444e-8cd8-bb832126e683 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c5460976-7070-4a2d-9aba-f160eafbbf6d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@\O ]Ɋ& !O\ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f21b3545-d8ce-444e-8cd8-bb832126e683 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c5460976-7070-4a2d-9aba-f160eafbbf6d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**X]O ]Ɋ& !XO] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=91e2844c-074c-4b6d-9424-03d63a8b3343 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p^O ]Ɋ& !XO^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=91e2844c-074c-4b6d-9424-03d63a8b3343 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Jp**h_O ]Ɋ& !XO_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=91e2844c-074c-4b6d-9424-03d63a8b3343 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**``O ]Ɋ& !XO` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=91e2844c-074c-4b6d-9424-03d63a8b3343 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`aO ]Ɋ& !XOa F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=91e2844c-074c-4b6d-9424-03d63a8b3343 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S`**hbO ]Ɋ& !XOb F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=91e2844c-074c-4b6d-9424-03d63a8b3343 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ineSh**c6 ]Ɋ&  !6c F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=91e2844c-074c-4b6d-9424-03d63a8b3343 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=89e5fbe3-4eb0-4ccc-abb5-b34d03c24df4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ped **d6 ]Ɋ& !6d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=91e2844c-074c-4b6d-9424-03d63a8b3343 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=89e5fbe3-4eb0-4ccc-abb5-b34d03c24df4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rt**8e6 ]Ɋ& !X6e F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=626b248a-54b7-4326-a6be-ecd5661dae31 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nm8**Pf6 ]Ɋ& !X6f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=626b248a-54b7-4326-a6be-ecd5661dae31 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idP**Pg6 ]Ɋ& !X6g F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=626b248a-54b7-4326-a6be-ecd5661dae31 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tartP**Hh6 ]Ɋ& !X6h F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=626b248a-54b7-4326-a6be-ecd5661dae31 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ReH**Hi6 ]Ɋ& !X6i F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=626b248a-54b7-4326-a6be-ecd5661dae31 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH**Hj6 ]Ɋ& !X6j F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=626b248a-54b7-4326-a6be-ecd5661dae31 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**k6 ]Ɋ& !6k F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=626b248a-54b7-4326-a6be-ecd5661dae31 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=607cf5e9-7c24-4023-a864-3de5b1c7269d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!**l|ψ ]Ɋ& !|ψl F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=626b248a-54b7-4326-a6be-ecd5661dae31 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=607cf5e9-7c24-4023-a864-3de5b1c7269d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Xm|ψ ]Ɋ& !X|ψm F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=68afa931-15ae-455d-832f-36e96559af5c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommaX**pn|ψ ]Ɋ& !X|ψn F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=68afa931-15ae-455d-832f-36e96559af5c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ect p**ho|ψ ]Ɋ& !X|ψo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=68afa931-15ae-455d-832f-36e96559af5c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rth**`p|ψ ]Ɋ& !X|ψp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=68afa931-15ae-455d-832f-36e96559af5c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on`**`q|ψ ]Ɋ& !X|ψq F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=68afa931-15ae-455d-832f-36e96559af5c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=`**`r|ψ ]Ɋ& !X|ψr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=68afa931-15ae-455d-832f-36e96559af5c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**s|ψ ]Ɋ& !|ψs F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=68afa931-15ae-455d-832f-36e96559af5c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b6cdc254-20e3-4bfa-8b3f-c4a83e0876f0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**t|ψ ]Ɋ& !|ψt F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=68afa931-15ae-455d-832f-36e96559af5c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b6cdc254-20e3-4bfa-8b3f-c4a83e0876f0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **(uh ]Ɋ& !Xhu F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=588b680b-7f7f-474c-883f-ac879253e916 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4(**@vh ]Ɋ& !Xhv F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=588b680b-7f7f-474c-883f-ac879253e916 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a@**@wh ]Ɋ& !Xhw F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=588b680b-7f7f-474c-883f-ac879253e916 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nin@**8xh ]Ɋ& !Xhx F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=588b680b-7f7f-474c-883f-ac879253e916 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion8**8yh ]Ɋ& !Xhy F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=588b680b-7f7f-474c-883f-ac879253e916 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=:8**8zh ]Ɋ& !Xhz F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=588b680b-7f7f-474c-883f-ac879253e916 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== 8**{h ]Ɋ& !h{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=588b680b-7f7f-474c-883f-ac879253e916 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=1759138c-9a44-4424-bafe-46282390eadd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ge**|? ]Ɋ& !?| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=588b680b-7f7f-474c-883f-ac879253e916 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=1759138c-9a44-4424-bafe-46282390eadd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te';**X}] ]Ɋ& !X]} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ee5fb685-68ad-4871-9a27-3efb35f33633 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**p~] ]Ɋ& !X]~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ee5fb685-68ad-4871-9a27-3efb35f33633 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=epproductState ]Ɋ& unX] F&andName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& XL( F&XElfChnkHnlUfMu=VysMc&&**p ] ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! S!X] F&F%g>9{p(xlMD EventDatauoData !BinaryFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ee5fb685-68ad-4871-9a27-3efb35f33633 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p **h] ]Ɋ& !X] F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ee5fb685-68ad-4871-9a27-3efb35f33633 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h] ]Ɋ& !X] F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ee5fb685-68ad-4871-9a27-3efb35f33633 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h] ]Ɋ& !X] F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ee5fb685-68ad-4871-9a27-3efb35f33633 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tah**] ]Ɋ&  !] F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ee5fb685-68ad-4871-9a27-3efb35f33633 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1f077720-eee0-47f6-a0af-ffa7144cc22d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=98** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ee5fb685-68ad-4871-9a27-3efb35f33633 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1f077720-eee0-47f6-a0af-ffa7144cc22d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e,De**' ]Ɋ& '!X' F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a2c69539-7079-4f35-b1a7-0fb9d8260c1c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**' ]Ɋ& ?!X' F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a2c69539-7079-4f35-b1a7-0fb9d8260c1c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**' ]Ɋ& ;!X' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a2c69539-7079-4f35-b1a7-0fb9d8260c1c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=hel**' ]Ɋ& 3!X' F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a2c69539-7079-4f35-b1a7-0fb9d8260c1c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**' ]Ɋ& 3!X' F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a2c69539-7079-4f35-b1a7-0fb9d8260c1c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ll **' ]Ɋ& 5!X' F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a2c69539-7079-4f35-b1a7-0fb9d8260c1c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0' ]Ɋ& !' F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a2c69539-7079-4f35-b1a7-0fb9d8260c1c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=98450f90-6e18-441a-b8e8-50a1fe82c1df PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng0**@M ]Ɋ& !M F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a2c69539-7079-4f35-b1a7-0fb9d8260c1c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=98450f90-6e18-441a-b8e8-50a1fe82c1df PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]@**)LV ]Ɋ& )!X)LV F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=993849bf-87fa-41b9-bff9-96dceb4bb596 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**)LV ]Ɋ& A!X)LV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=993849bf-87fa-41b9-bff9-96dceb4bb596 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **)LV ]Ɋ& =!X)LV F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=993849bf-87fa-41b9-bff9-96dceb4bb596 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**)LV ]Ɋ& 5!X)LV F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=993849bf-87fa-41b9-bff9-96dceb4bb596 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl**)LV ]Ɋ& 5!X)LV F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=993849bf-87fa-41b9-bff9-96dceb4bb596 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **)LV ]Ɋ& 7!X)LV F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=993849bf-87fa-41b9-bff9-96dceb4bb596 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6**0)LV ]Ɋ& !)LV F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=993849bf-87fa-41b9-bff9-96dceb4bb596 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e43f97f9-6fb5-477b-a4fd-ba6c3c0b7f8c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=40**@V NV ]Ɋ& !V NV F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=993849bf-87fa-41b9-bff9-96dceb4bb596 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e43f97f9-6fb5-477b-a4fd-ba6c3c0b7f8c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ila@**XV NV ]Ɋ& !XV NV F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ec8109ef-bc47-4fe7-ba60-db82b10362d0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ProX**pV NV ]Ɋ& !XV NV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ec8109ef-bc47-4fe7-ba60-db82b10362d0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt p**hV NV ]Ɋ& !XV NV F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ec8109ef-bc47-4fe7-ba60-db82b10362d0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sh**`V NV ]Ɋ& !XV NV F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ec8109ef-bc47-4fe7-ba60-db82b10362d0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d`**`V NV ]Ɋ& !XV NV F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ec8109ef-bc47-4fe7-ba60-db82b10362d0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c`**hV NV ]Ɋ& !XV NV F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ec8109ef-bc47-4fe7-ba60-db82b10362d0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hh**V NV ]Ɋ&  !V NV F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ec8109ef-bc47-4fe7-ba60-db82b10362d0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2a62fc36-c965-44dd-8f36-01f4d24b4f00 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=248a**NV ]Ɋ& !NV F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ec8109ef-bc47-4fe7-ba60-db82b10362d0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2a62fc36-c965-44dd-8f36-01f4d24b4f00 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6b**8NV ]Ɋ& !XNV F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e4abd861-057c-491d-ae9b-ba0aaef00a7c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=si8**PNV ]Ɋ& !XNV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e4abd861-057c-491d-ae9b-ba0aaef00a7c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leP**PNV ]Ɋ& !XNV F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e4abd861-057c-491d-ae9b-ba0aaef00a7c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HoP**HNV ]Ɋ& !XNV F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e4abd861-057c-491d-ae9b-ba0aaef00a7c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eNumH**HNV ]Ɋ& !XNV F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e4abd861-057c-491d-ae9b-ba0aaef00a7c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**HNV ]Ɋ& !XNV F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e4abd861-057c-491d-ae9b-ba0aaef00a7c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ateH**NV ]Ɋ& !NV F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e4abd861-057c-491d-ae9b-ba0aaef00a7c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bec80725-3ee4-41b7-a0de-249a6c49bcec PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ber**NV ]Ɋ& !NV F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e4abd861-057c-491d-ae9b-ba0aaef00a7c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bec80725-3ee4-41b7-a0de-249a6c49bcec PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **XNV ]Ɋ& !XNV F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=95ed9979-dd2e-4e8a-b0fa-c2cd43216e7c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rNamX**pNV ]Ɋ& !XNV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=95ed9979-dd2e-4e8a-b0fa-c2cd43216e7c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hNV ]Ɋ& !XNV F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=95ed9979-dd2e-4e8a-b0fa-c2cd43216e7c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**`NV ]Ɋ& !XNV F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=95ed9979-dd2e-4e8a-b0fa-c2cd43216e7c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=('`**`NV ]Ɋ& !XNV F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=95ed9979-dd2e-4e8a-b0fa-c2cd43216e7c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ti`**`NV ]Ɋ& !XNV F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=95ed9979-dd2e-4e8a-b0fa-c2cd43216e7c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c`**NV ]Ɋ& !NV F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=95ed9979-dd2e-4e8a-b0fa-c2cd43216e7c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=22a0adc6-022d-4380-9cb4-febaab9c65a9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N**:OV ]Ɋ& !:OV F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=95ed9979-dd2e-4e8a-b0fa-c2cd43216e7c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=22a0adc6-022d-4380-9cb4-febaab9c65a9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lab**(:OV ]Ɋ& !X:OV F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a3967de3-9054-4367-9025-4d70c1954511 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@:OV ]Ɋ& !X:OV F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a3967de3-9054-4367-9025-4d70c1954511 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@:OV ]Ɋ& !X:OV F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a3967de3-9054-4367-9025-4d70c1954511 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ace@**8:OV ]Ɋ& !X:OV F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a3967de3-9054-4367-9025-4d70c1954511 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=es[8nstalldate'] ]Ɋ& etX:OV F&imatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=epproductState ]Ɋ& unX] F&andName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& XL( F&XElfChnk^SBnMu=VysMc&&**8 :OV ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X:OV F&F%g>9{p(xlMD EventDatauoData !BinaryhRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a3967de3-9054-4367-9025-4d70c1954511 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8 **8:OV ]Ɋ& !X:OV F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a3967de3-9054-4367-9025-4d70c1954511 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=In8**:OV ]Ɋ& !:OV F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a3967de3-9054-4367-9025-4d70c1954511 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=8968e413-3a96-4124-a62d-6e619af55500 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=WA**OV ]Ɋ& !OV F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a3967de3-9054-4367-9025-4d70c1954511 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=8968e413-3a96-4124-a62d-6e619af55500 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=po**X RV ]Ɋ& !X RV F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=94d0e945-94f4-4d48-8a1b-45c14b82cc0e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iX**p RV ]Ɋ& !X RV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=94d0e945-94f4-4d48-8a1b-45c14b82cc0e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6p**p RV ]Ɋ& !X RV F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=94d0e945-94f4-4d48-8a1b-45c14b82cc0e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hp**h RV ]Ɋ& !X RV F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=94d0e945-94f4-4d48-8a1b-45c14b82cc0e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hh**h RV ]Ɋ& !X RV F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=94d0e945-94f4-4d48-8a1b-45c14b82cc0e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erNh**h RV ]Ɋ& !X RV F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=94d0e945-94f4-4d48-8a1b-45c14b82cc0e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dBh** RV ]Ɋ&  ! RV F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=94d0e945-94f4-4d48-8a1b-45c14b82cc0e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bb69a3bc-0d24-40ff-80c6-6835092ea52b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**fSV ]Ɋ& !fSV F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=94d0e945-94f4-4d48-8a1b-45c14b82cc0e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bb69a3bc-0d24-40ff-80c6-6835092ea52b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=gine**fSV ]Ɋ& '!XfSV F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5bb59a3e-874a-4207-b2b1-0a64b9b46e3f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g**fSV ]Ɋ& ?!XfSV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5bb59a3e-874a-4207-b2b1-0a64b9b46e3f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6**fSV ]Ɋ& ;!XfSV F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5bb59a3e-874a-4207-b2b1-0a64b9b46e3f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**fSV ]Ɋ& 3!XfSV F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5bb59a3e-874a-4207-b2b1-0a64b9b46e3f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rsh**fSV ]Ɋ& 3!XfSV F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5bb59a3e-874a-4207-b2b1-0a64b9b46e3f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**fSV ]Ɋ& 5!XfSV F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5bb59a3e-874a-4207-b2b1-0a64b9b46e3f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=re**0fSV ]Ɋ& !fSV F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5bb59a3e-874a-4207-b2b1-0a64b9b46e3f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=f62dd6a2-3c3f-4b01-9f80-f0050e533a0a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@͗TV ]Ɋ& !͗TV F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5bb59a3e-874a-4207-b2b1-0a64b9b46e3f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=f62dd6a2-3c3f-4b01-9f80-f0050e533a0a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t/Se@**e;ֹ ]Ɋ& )!Xe;ֹ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8703b114-51b5-484f-b3a7-581f5b2f3ea3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a60-**e;ֹ ]Ɋ& A!Xe;ֹ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8703b114-51b5-484f-b3a7-581f5b2f3ea3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=C**e;ֹ ]Ɋ& =!Xe;ֹ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8703b114-51b5-484f-b3a7-581f5b2f3ea3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **e;ֹ ]Ɋ& 5!Xe;ֹ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8703b114-51b5-484f-b3a7-581f5b2f3ea3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**e;ֹ ]Ɋ& 5!Xe;ֹ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8703b114-51b5-484f-b3a7-581f5b2f3ea3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=V N**e;ֹ ]Ɋ& 7!Xe;ֹ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8703b114-51b5-484f-b3a7-581f5b2f3ea3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=T**0e;ֹ ]Ɋ& !e;ֹ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8703b114-51b5-484f-b3a7-581f5b2f3ea3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3d8a2e58-e415-4b0d-8dba-10d3675ab3ea PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=60**@l׹ ]Ɋ& !l׹ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8703b114-51b5-484f-b3a7-581f5b2f3ea3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3d8a2e58-e415-4b0d-8dba-10d3675ab3ea PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e |@**Xl׹ ]Ɋ& !Xl׹ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7be8ce56-d781-4f99-ba36-61d4eb391fd7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pdaX**pl׹ ]Ɋ& !Xl׹ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7be8ce56-d781-4f99-ba36-61d4eb391fd7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nEnp**hl׹ ]Ɋ& !Xl׹ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7be8ce56-d781-4f99-ba36-61d4eb391fd7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=th**`l׹ ]Ɋ& !Xl׹ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7be8ce56-d781-4f99-ba36-61d4eb391fd7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`l׹ ]Ɋ& !Xl׹ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7be8ce56-d781-4f99-ba36-61d4eb391fd7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i`**hl׹ ]Ɋ& !Xl׹ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7be8ce56-d781-4f99-ba36-61d4eb391fd7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ruh**l׹ ]Ɋ&  !l׹ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7be8ce56-d781-4f99-ba36-61d4eb391fd7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6bc02571-b30f-4e46-884a-fa82315e13f3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Pipe**l׹ ]Ɋ& !l׹ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7be8ce56-d781-4f99-ba36-61d4eb391fd7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6bc02571-b30f-4e46-884a-fa82315e13f3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mm**8)ع ]Ɋ& !X)ع F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=23878e30-b376-47cb-b7df-859fd71aab7f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=el8**P)ع ]Ɋ& !X)ع F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=23878e30-b376-47cb-b7df-859fd71aab7f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=unP**P)ع ]Ɋ& !X)ع F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=23878e30-b376-47cb-b7df-859fd71aab7f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=gineP**H)ع ]Ɋ& !X)ع F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=23878e30-b376-47cb-b7df-859fd71aab7f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h 65H**H)ع ]Ɋ& !X)ع F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=23878e30-b376-47cb-b7df-859fd71aab7f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=StriH**H)ع ]Ɋ& !X)ع F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=23878e30-b376-47cb-b7df-859fd71aab7f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oluH**)ع ]Ɋ& !)ع F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=23878e30-b376-47cb-b7df-859fd71aab7f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f8bc3d6f-ac08-4311-9dcf-a1975216138b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=553**)ع ]Ɋ& !)ع F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=23878e30-b376-47cb-b7df-859fd71aab7f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f8bc3d6f-ac08-4311-9dcf-a1975216138b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**X)ع ]Ɋ& !X)ع F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=afacc404-14c3-444c-a1b9-cd12d163827e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=arseX**p)ع ]Ɋ& !X)ع F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=afacc404-14c3-444c-a1b9-cd12d163827e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hp**h)ع ]Ɋ& !X)ع F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=afacc404-14c3-444c-a1b9-cd12d163827e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eqh**`)ع ]Ɋ& !X)ع F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=afacc404-14c3-444c-a1b9-cd12d163827e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`)ع ]Ɋ& !X)ع F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=afacc404-14c3-444c-a1b9-cd12d163827e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ri`**`)ع ]Ɋ& !X)ع F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=afacc404-14c3-444c-a1b9-cd12d163827e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`ElfChnk`4Mu=VysMc&&**)ع ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !)ع F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=afacc404-14c3-444c-a1b9-cd12d163827e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=98983f8a-6b8a-4eb2-a054-8222a9b947cb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**)ع ]Ɋ& !)ع F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=afacc404-14c3-444c-a1b9-cd12d163827e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=98983f8a-6b8a-4eb2-a054-8222a9b947cb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 **(ع ]Ɋ& !Xع F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=38037f3a-1ec5-49ea-9637-5ba02b7239f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@ع ]Ɋ& !Xع F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=38037f3a-1ec5-49ea-9637-5ba02b7239f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@ع ]Ɋ& !Xع F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=38037f3a-1ec5-49ea-9637-5ba02b7239f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= | @**8ع ]Ɋ& !Xع F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=38037f3a-1ec5-49ea-9637-5ba02b7239f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Se8**8ع ]Ɋ& !Xع F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=38037f3a-1ec5-49ea-9637-5ba02b7239f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erS8**8ع ]Ɋ& !Xع F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=38037f3a-1ec5-49ea-9637-5ba02b7239f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H8**ع ]Ɋ& !ع F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=38037f3a-1ec5-49ea-9637-5ba02b7239f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=afe7db87-46a5-4b00-80d5-5d5e440abfac PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=si**V6ٹ ]Ɋ& !V6ٹ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=38037f3a-1ec5-49ea-9637-5ba02b7239f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=afe7db87-46a5-4b00-80d5-5d5e440abfac PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=obal**X۹ ]Ɋ& !X۹ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=347c9ba3-8198-47ff-b0c5-2c1c527fea67 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**p۹ ]Ɋ& !X۹ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=347c9ba3-8198-47ff-b0c5-2c1c527fea67 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.p**p۹ ]Ɋ& !X۹ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=347c9ba3-8198-47ff-b0c5-2c1c527fea67 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e.pp**h۹ ]Ɋ& !X۹ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=347c9ba3-8198-47ff-b0c5-2c1c527fea67 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n.Ch**h۹ ]Ɋ& !X۹ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=347c9ba3-8198-47ff-b0c5-2c1c527fea67 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=655h**h۹ ]Ɋ& !X۹ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=347c9ba3-8198-47ff-b0c5-2c1c527fea67 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pah**۹ ]Ɋ&  !۹ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=347c9ba3-8198-47ff-b0c5-2c1c527fea67 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=df555f85-0e6f-44ce-958f-dec30d439894 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**۹ ]Ɋ& !۹ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=347c9ba3-8198-47ff-b0c5-2c1c527fea67 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=df555f85-0e6f-44ce-958f-dec30d439894 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ider**۹ ]Ɋ& '!X۹ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d7e2954b-d912-48cd-9e10-a605b33e88a6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**۹ ]Ɋ& ?!X۹ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d7e2954b-d912-48cd-9e10-a605b33e88a6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**۹ ]Ɋ& ;!X۹ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d7e2954b-d912-48cd-9e10-a605b33e88a6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**۹ ]Ɋ& 3!X۹ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d7e2954b-d912-48cd-9e10-a605b33e88a6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ati**۹ ]Ɋ& 3!X۹ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d7e2954b-d912-48cd-9e10-a605b33e88a6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**۹ ]Ɋ& 5!X۹ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d7e2954b-d912-48cd-9e10-a605b33e88a6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**0۹ ]Ɋ& !۹ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d7e2954b-d912-48cd-9e10-a605b33e88a6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=b8cc2b90-68e2-41eb-9bcc-297457aa3607 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av0**@F1ܹ ]Ɋ& !F1ܹ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d7e2954b-d912-48cd-9e10-a605b33e88a6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=b8cc2b90-68e2-41eb-9bcc-297457aa3607 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stri@**@ ]Ɋ& )!X@ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=51d14da0-8873-4f11-949d-9dd4e6b399f2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tanc**@ ]Ɋ& A!X@ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=51d14da0-8873-4f11-949d-9dd4e6b399f2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1-4f**@ ]Ɋ& =!X@ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=51d14da0-8873-4f11-949d-9dd4e6b399f2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **@ ]Ɋ& 5!X@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=51d14da0-8873-4f11-949d-9dd4e6b399f2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**@ ]Ɋ& 5!X@ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=51d14da0-8873-4f11-949d-9dd4e6b399f2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**@ ]Ɋ& 7!X@ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=51d14da0-8873-4f11-949d-9dd4e6b399f2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0@ ]Ɋ& !@ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=51d14da0-8873-4f11-949d-9dd4e6b399f2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6de56623-eb33-4f60-96da-70dcc90c0868 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m0**@m ]Ɋ& !m F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=51d14da0-8873-4f11-949d-9dd4e6b399f2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6de56623-eb33-4f60-96da-70dcc90c0868 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= P@**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a8314df1-650b-4e10-b44d-c3263fcd36d9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.0X**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a8314df1-650b-4e10-b44d-c3263fcd36d9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=inep**h ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a8314df1-650b-4e10-b44d-c3263fcd36d9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Rh**` ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a8314df1-650b-4e10-b44d-c3263fcd36d9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**`  ]Ɋ& !X  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a8314df1-650b-4e10-b44d-c3263fcd36d9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=I`**h  ]Ɋ& !X  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a8314df1-650b-4e10-b44d-c3263fcd36d9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nameh**  ]Ɋ&  !  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a8314df1-650b-4e10-b44d-c3263fcd36d9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d06498c3-c4bc-4a61-9bff-2bd95cf7d3cf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand** H ]Ɋ& !H  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a8314df1-650b-4e10-b44d-c3263fcd36d9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d06498c3-c4bc-4a61-9bff-2bd95cf7d3cf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8 1 ]Ɋ& !X1  F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2306757f-d00c-434d-8f0d-72f07465d7ef HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sc8**P1 ]Ɋ& !X1 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2306757f-d00c-434d-8f0d-72f07465d7ef HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SP**P1 ]Ɋ& !X1 F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2306757f-d00c-434d-8f0d-72f07465d7ef HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== P**H1 ]Ɋ& !X1 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2306757f-d00c-434d-8f0d-72f07465d7ef HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eId=H**H1 ]Ɋ& !X1 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2306757f-d00c-434d-8f0d-72f07465d7ef HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d= H**H1 ]Ɋ& !X1 F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2306757f-d00c-434d-8f0d-72f07465d7ef HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RH**1 ]Ɋ& !1 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2306757f-d00c-434d-8f0d-72f07465d7ef HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c93fa8b0-6d00-4bde-8b3d-7d4febc1952e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= mmandName=  ]Ɋ& CommandPath= Comm1ElfChnkCCH\_GB /Mu=VysMc&&**1 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !1 F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2306757f-d00c-434d-8f0d-72f07465d7ef HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c93fa8b0-6d00-4bde-8b3d-7d4febc1952e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in**X1 ]Ɋ& !X1 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e9c7c968-6487-4856-8cce-7787e0d88de1 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ComX**p1 ]Ɋ& !X1 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e9c7c968-6487-4856-8cce-7787e0d88de1 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allep**h1 ]Ɋ& !X1 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e9c7c968-6487-4856-8cce-7787e0d88de1 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='ih**`1 ]Ɋ& !X1 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e9c7c968-6487-4856-8cce-7787e0d88de1 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ow`**`1 ]Ɋ& !X1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e9c7c968-6487-4856-8cce-7787e0d88de1 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`1 ]Ɋ& !X1 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e9c7c968-6487-4856-8cce-7787e0d88de1 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**1 ]Ɋ& !1 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e9c7c968-6487-4856-8cce-7787e0d88de1 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cefb4527-ef56-4345-b316-e8a0a1fe019c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ذ**1 ]Ɋ& !1 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e9c7c968-6487-4856-8cce-7787e0d88de1 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cefb4527-ef56-4345-b316-e8a0a1fe019c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **(y ]Ɋ& !Xy F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d819ead3-b02f-4448-894a-3df7ef89ac02 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f(**@y ]Ɋ& !Xy F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d819ead3-b02f-4448-894a-3df7ef89ac02 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n@**@y ]Ɋ& !Xy F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d819ead3-b02f-4448-894a-3df7ef89ac02 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e]:@**8 y ]Ɋ& !Xy  F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d819ead3-b02f-4448-894a-3df7ef89ac02 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tal8**8!y ]Ɋ& !Xy! F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d819ead3-b02f-4448-894a-3df7ef89ac02 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.08**8"y ]Ɋ& !Xy" F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d819ead3-b02f-4448-894a-3df7ef89ac02 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**#y ]Ɋ& !y# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d819ead3-b02f-4448-894a-3df7ef89ac02 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=feb79c17-f83e-4db8-a037-66be6d6a2bbe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **$^ ]Ɋ& !^$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d819ead3-b02f-4448-894a-3df7ef89ac02 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=feb79c17-f83e-4db8-a037-66be6d6a2bbe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=trin**X%套 ]Ɋ& !X套% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=03f62a8b-bd53-4765-a82a-8a7e9f264cb8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p&套 ]Ɋ& !X套& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=03f62a8b-bd53-4765-a82a-8a7e9f264cb8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**p'套 ]Ɋ& !X套' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=03f62a8b-bd53-4765-a82a-8a7e9f264cb8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Culp**h(套 ]Ɋ& !X套( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=03f62a8b-bd53-4765-a82a-8a7e9f264cb8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Obh**h)套 ]Ɋ& !X套) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=03f62a8b-bd53-4765-a82a-8a7e9f264cb8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Pih**h*套 ]Ɋ& !X套* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=03f62a8b-bd53-4765-a82a-8a7e9f264cb8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ath**+套 ]Ɋ&  !套+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=03f62a8b-bd53-4765-a82a-8a7e9f264cb8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=06e3eddb-3124-484e-a8d4-75f1a630d8c7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**,{> ]Ɋ& !{>, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=03f62a8b-bd53-4765-a82a-8a7e9f264cb8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=06e3eddb-3124-484e-a8d4-75f1a630d8c7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ame=**-{> ]Ɋ& '!X{>- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6c194d3d-1830-4bbc-a68a-09ca76f3282d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **.{> ]Ɋ& ?!X{>. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6c194d3d-1830-4bbc-a68a-09ca76f3282d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**/{> ]Ɋ& ;!X{>/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6c194d3d-1830-4bbc-a68a-09ca76f3282d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed**0{> ]Ɋ& 3!X{>0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6c194d3d-1830-4bbc-a68a-09ca76f3282d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=th **1{> ]Ɋ& 3!X{>1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6c194d3d-1830-4bbc-a68a-09ca76f3282d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rov**2{> ]Ɋ& 5!X{>2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6c194d3d-1830-4bbc-a68a-09ca76f3282d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=En**03{> ]Ɋ& !{>3 F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6c194d3d-1830-4bbc-a68a-09ca76f3282d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=85fc84ba-3e09-4b12-b7dd-ec2da0ee5af7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=en0**@4o ]Ɋ& !o4 F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6c194d3d-1830-4bbc-a68a-09ca76f3282d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=85fc84ba-3e09-4b12-b7dd-ec2da0ee5af7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-70d@**5$T3 ]Ɋ& )!X$T35 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cfeeb506-0da4-4ec4-9130-fe785fce8a99 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayNa**6$T3 ]Ɋ& A!X$T36 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cfeeb506-0da4-4ec4-9130-fe785fce8a99 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pace**7$T3 ]Ɋ& =!X$T37 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cfeeb506-0da4-4ec4-9130-fe785fce8a99 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c3**8$T3 ]Ɋ& 5!X$T38 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cfeeb506-0da4-4ec4-9130-fe785fce8a99 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C**9$T3 ]Ɋ& 5!X$T39 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cfeeb506-0da4-4ec4-9130-fe785fce8a99 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr**:$T3 ]Ɋ& 7!X$T3: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cfeeb506-0da4-4ec4-9130-fe785fce8a99 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0;$T3 ]Ɋ& !$T3; F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cfeeb506-0da4-4ec4-9130-fe785fce8a99 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3449f4fc-b920-475d-8ec7-e2c1ce00e047 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@<UU3 ]Ɋ& !UU3< F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cfeeb506-0da4-4ec4-9130-fe785fce8a99 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3449f4fc-b920-475d-8ec7-e2c1ce00e047 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm@**X=UU3 ]Ɋ& !XUU3= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7bbd444e-c4cc-46f9-bb19-d772d82c6cbd HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNaX**p>UU3 ]Ɋ& !XUU3> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7bbd444e-c4cc-46f9-bb19-d772d82c6cbd HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNp**h?UU3 ]Ɋ& !XUU3? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7bbd444e-c4cc-46f9-bb19-d772d82c6cbd HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**`@UU3 ]Ɋ& !XUU3@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7bbd444e-c4cc-46f9-bb19-d772d82c6cbd HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`AUU3 ]Ɋ& !XUU3A F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7bbd444e-c4cc-46f9-bb19-d772d82c6cbd HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**hBUU3 ]Ɋ& !XUU3B F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7bbd444e-c4cc-46f9-bb19-d772d82c6cbd HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**CUU3 ]Ɋ&  !UU3C F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7bbd444e-c4cc-46f9-bb19-d772d82c6cbd HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=aff2b60f-8d22-4076-901f-e10e44d0b5c6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!1 ]Ɋ& atUU3D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7bbd444e-c4cc-46f9-bb19-d772d82c6cbd HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=aff2b60f-8d22-4076-901f-e10e44d0b5c6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnkDtDt@<]CuMu=VysMc&&**DUU3 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !UU3D F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7bbd444e-c4cc-46f9-bb19-d772d82c6cbd HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=aff2b60f-8d22-4076-901f-e10e44d0b5c6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8EU3 ]Ɋ& !XU3E F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a5643919-c03d-49dd-aeb1-e7df08beaf8b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=om8**PFU3 ]Ɋ& !XU3F F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a5643919-c03d-49dd-aeb1-e7df08beaf8b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmP**PGU3 ]Ɋ& !XU3G F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a5643919-c03d-49dd-aeb1-e7df08beaf8b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommaP**HHU3 ]Ɋ& !XU3H F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a5643919-c03d-49dd-aeb1-e7df08beaf8b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iptNH**HIU3 ]Ɋ& !XU3I F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a5643919-c03d-49dd-aeb1-e7df08beaf8b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dTypH**HJU3 ]Ɋ& !XU3J F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a5643919-c03d-49dd-aeb1-e7df08beaf8b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=H**KU3 ]Ɋ& !U3K F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a5643919-c03d-49dd-aeb1-e7df08beaf8b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5403764f-6c1c-4b92-8cfa-e515bd75597b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **LU3 ]Ɋ& !U3L F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a5643919-c03d-49dd-aeb1-e7df08beaf8b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5403764f-6c1c-4b92-8cfa-e515bd75597b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **XMU3 ]Ɋ& !XU3M F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a694c807-173d-4477-a198-734931846db8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tCulX**pNU3 ]Ɋ& !XU3N F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a694c807-173d-4477-a198-734931846db8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=={ [p**hOU3 ]Ɋ& !XU3O F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a694c807-173d-4477-a198-734931846db8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=94h**`PU3 ]Ɋ& !XU3P F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a694c807-173d-4477-a198-734931846db8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rS`**`QU3 ]Ɋ& !XU3Q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a694c807-173d-4477-a198-734931846db8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`RU3 ]Ɋ& !XU3R F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a694c807-173d-4477-a198-734931846db8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**SU3 ]Ɋ& !U3S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a694c807-173d-4477-a198-734931846db8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bf9edbb0-733d-46fd-8415-ba1ec30b6990 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-**TU3 ]Ɋ& !U3T F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a694c807-173d-4477-a198-734931846db8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bf9edbb0-733d-46fd-8415-ba1ec30b6990 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ure**(UV3 ]Ɋ& !XV3U F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=56128d55-1756-4682-8835-d57917d66f09 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v(**@VV3 ]Ɋ& !XV3V F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=56128d55-1756-4682-8835-d57917d66f09 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=K@**@WV3 ]Ɋ& !XV3W F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=56128d55-1756-4682-8835-d57917d66f09 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id=@**8XV3 ]Ɋ& !XV3X F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=56128d55-1756-4682-8835-d57917d66f09 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F8**8YV3 ]Ɋ& !XV3Y F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=56128d55-1756-4682-8835-d57917d66f09 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam8**8ZV3 ]Ɋ& !XV3Z F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=56128d55-1756-4682-8835-d57917d66f09 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Gl8**[V3 ]Ɋ& !V3[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=56128d55-1756-4682-8835-d57917d66f09 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=dda401d2-d7fe-44a3-8f7a-e9b4a1ce550e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**\W3 ]Ɋ& !W3\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=56128d55-1756-4682-8835-d57917d66f09 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=dda401d2-d7fe-44a3-8f7a-e9b4a1ce550e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tall**X]PX3 ]Ɋ& !XPX3] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=325147ef-806f-4b58-8f46-db6354e745e9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\X**p^PX3 ]Ɋ& !XPX3^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=325147ef-806f-4b58-8f46-db6354e745e9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\p**p_PX3 ]Ɋ& !XPX3_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=325147ef-806f-4b58-8f46-db6354e745e9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=help**h`PX3 ]Ɋ& !XPX3` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=325147ef-806f-4b58-8f46-db6354e745e9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ct h**haPX3 ]Ɋ& !XPX3a F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=325147ef-806f-4b58-8f46-db6354e745e9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n';h**hbPX3 ]Ɋ& !XPX3b F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=325147ef-806f-4b58-8f46-db6354e745e9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=([h**cPX3 ]Ɋ&  !PX3c F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=325147ef-806f-4b58-8f46-db6354e745e9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=988494a0-b941-47ba-b829-239e04e66d53 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ta**dxX3 ]Ɋ& !xX3d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=325147ef-806f-4b58-8f46-db6354e745e9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=988494a0-b941-47ba-b829-239e04e66d53 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omma**exX3 ]Ɋ& '!XxX3e F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=98962571-715b-41cd-81b7-bb007d3a755d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=C**fxX3 ]Ɋ& ?!XxX3f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=98962571-715b-41cd-81b7-bb007d3a755d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**gxX3 ]Ɋ& ;!XxX3g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=98962571-715b-41cd-81b7-bb007d3a755d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt **hxX3 ]Ɋ& 3!XxX3h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=98962571-715b-41cd-81b7-bb007d3a755d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=**ixX3 ]Ɋ& 3!XxX3i F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=98962571-715b-41cd-81b7-bb007d3a755d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ovi**jxX3 ]Ɋ& 5!XxX3j F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=98962571-715b-41cd-81b7-bb007d3a755d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **0kxX3 ]Ɋ& !xX3k F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=98962571-715b-41cd-81b7-bb007d3a755d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=5417e439-826a-4d9d-b06a-b8b0520148bd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av0**@lZ3 ]Ɋ& !Z3l F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=98962571-715b-41cd-81b7-bb007d3a755d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=5417e439-826a-4d9d-b06a-b8b0520148bd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g -w@**moZ ]Ɋ& )!XoZm F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3f613ab1-de86-4f44-acfb-7a948620127d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nter**noZ ]Ɋ& A!XoZn F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3f613ab1-de86-4f44-acfb-7a948620127d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lica**ooZ ]Ɋ& =!XoZo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3f613ab1-de86-4f44-acfb-7a948620127d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**poZ ]Ɋ& 5!XoZp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3f613ab1-de86-4f44-acfb-7a948620127d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed**qoZ ]Ɋ& 5!XoZq F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3f613ab1-de86-4f44-acfb-7a948620127d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Va**roZ ]Ɋ& 7!XoZr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3f613ab1-de86-4f44-acfb-7a948620127d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0soZ ]Ɋ& !oZs F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3f613ab1-de86-4f44-acfb-7a948620127d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cefda8b5-6463-4f20-8ff2-7b75b8244161 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@t ]Ɋ& !t F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3f613ab1-de86-4f44-acfb-7a948620127d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cefda8b5-6463-4f20-8ff2-7b75b8244161 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e44@b5c6 Pipel ]Ɋ& meXu F&e=ElfChnkuuH7sJ>Mu=VysMc&&**Xu ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! ;!Xu F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=108f90c7-92cf-476c-ad3f-dccad4091b5b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pv ]Ɋ& !Xv F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=108f90c7-92cf-476c-ad3f-dccad4091b5b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmap**hw ]Ɋ& !Xw F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=108f90c7-92cf-476c-ad3f-dccad4091b5b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oh**`x ]Ɋ& !Xx F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=108f90c7-92cf-476c-ad3f-dccad4091b5b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**`y ]Ɋ& !Xy F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=108f90c7-92cf-476c-ad3f-dccad4091b5b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hz ]Ɋ& !Xz F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=108f90c7-92cf-476c-ad3f-dccad4091b5b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&h**{ ]Ɋ&  !{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=108f90c7-92cf-476c-ad3f-dccad4091b5b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bdc7a89f-3344-4c1c-a681-26e16f0c06d1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=U3**|3$ ]Ɋ& !3$| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=108f90c7-92cf-476c-ad3f-dccad4091b5b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bdc7a89f-3344-4c1c-a681-26e16f0c06d1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8}3$ ]Ɋ& !X3$} F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=af7280a1-1d6b-4a6e-9c48-5c56796742b9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P~3$ ]Ɋ& !X3$~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=af7280a1-1d6b-4a6e-9c48-5c56796742b9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P3$ ]Ɋ& !X3$ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=af7280a1-1d6b-4a6e-9c48-5c56796742b9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**H3$ ]Ɋ& !X3$ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=af7280a1-1d6b-4a6e-9c48-5c56796742b9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=PH**H3$ ]Ɋ& !X3$ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=af7280a1-1d6b-4a6e-9c48-5c56796742b9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=H**H3$ ]Ɋ& !X3$ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=af7280a1-1d6b-4a6e-9c48-5c56796742b9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoH**3$ ]Ɋ& !3$ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=af7280a1-1d6b-4a6e-9c48-5c56796742b9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7d7da27e-b078-46cc-a2c1-9603d38b13dc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=U**3$ ]Ɋ& !3$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=af7280a1-1d6b-4a6e-9c48-5c56796742b9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7d7da27e-b078-46cc-a2c1-9603d38b13dc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X3$ ]Ɋ& !X3$ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2ce46cdf-940c-4e55-b5ac-7c36853e03d8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**p3$ ]Ɋ& !X3$ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2ce46cdf-940c-4e55-b5ac-7c36853e03d8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lectp**h3$ ]Ɋ& !X3$ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2ce46cdf-940c-4e55-b5ac-7c36853e03d8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=']h**`3$ ]Ɋ& !X3$ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2ce46cdf-940c-4e55-b5ac-7c36853e03d8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-`**`3$ ]Ɋ& !X3$ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2ce46cdf-940c-4e55-b5ac-7c36853e03d8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C`**`3$ ]Ɋ& !X3$ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2ce46cdf-940c-4e55-b5ac-7c36853e03d8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**3$ ]Ɋ& !3$ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2ce46cdf-940c-4e55-b5ac-7c36853e03d8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d3662709-9ab2-4bb5-889b-b6ddf0475f37 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**ɼ ]Ɋ& !ɼ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2ce46cdf-940c-4e55-b5ac-7c36853e03d8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d3662709-9ab2-4bb5-889b-b6ddf0475f37 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=**(ɼ ]Ɋ& !Xɼ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0726ee1a-f098-49c0-ab58-94acb0a3f16f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n(**@ɼ ]Ɋ& !Xɼ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0726ee1a-f098-49c0-ab58-94acb0a3f16f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4@**@ɼ ]Ɋ& !Xɼ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0726ee1a-f098-49c0-ab58-94acb0a3f16f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.ps@**8ɼ ]Ɋ& !Xɼ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0726ee1a-f098-49c0-ab58-94acb0a3f16f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=M:\8**8ɼ ]Ɋ& !Xɼ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0726ee1a-f098-49c0-ab58-94acb0a3f16f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==328**8ɼ ]Ɋ& !Xɼ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0726ee1a-f098-49c0-ab58-94acb0a3f16f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=F8**ɼ ]Ɋ& !ɼ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0726ee1a-f098-49c0-ab58-94acb0a3f16f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ecea6414-0140-421f-b26f-ef6cb62ef6ed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=at**`U ]Ɋ& !`U F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0726ee1a-f098-49c0-ab58-94acb0a3f16f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ecea6414-0140-421f-b26f-ef6cb62ef6ed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 655**X蓑 ]Ɋ& !X蓑 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2fe9075d-72f6-4d39-a354-ba95efa01b31 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-X**p蓑 ]Ɋ& !X蓑 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2fe9075d-72f6-4d39-a354-ba95efa01b31 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dp**p蓑 ]Ɋ& !X蓑 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2fe9075d-72f6-4d39-a354-ba95efa01b31 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='enp**h蓑 ]Ɋ& !X蓑 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2fe9075d-72f6-4d39-a354-ba95efa01b31 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allh**h蓑 ]Ɋ& !X蓑 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2fe9075d-72f6-4d39-a354-ba95efa01b31 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**h蓑 ]Ɋ& !X蓑 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2fe9075d-72f6-4d39-a354-ba95efa01b31 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndh**蓑 ]Ɋ&  !蓑 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2fe9075d-72f6-4d39-a354-ba95efa01b31 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8c349a59-a292-4d2e-a051-ed77438c46c3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**} ]Ɋ& !} F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2fe9075d-72f6-4d39-a354-ba95efa01b31 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8c349a59-a292-4d2e-a051-ed77438c46c3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ost **} ]Ɋ& '!X} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0fd87a03-709e-46a2-9f06-97a33dcfcd71 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**} ]Ɋ& ?!X} F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0fd87a03-709e-46a2-9f06-97a33dcfcd71 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**} ]Ɋ& ;!X} F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0fd87a03-709e-46a2-9f06-97a33dcfcd71 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam**} ]Ɋ& 3!X} F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0fd87a03-709e-46a2-9f06-97a33dcfcd71 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ngi**} ]Ɋ& 3!X} F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0fd87a03-709e-46a2-9f06-97a33dcfcd71 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fun**} ]Ɋ& 5!X} F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0fd87a03-709e-46a2-9f06-97a33dcfcd71 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=**0} ]Ɋ& !} F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0fd87a03-709e-46a2-9f06-97a33dcfcd71 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=da0fc8fa-e862-4f90-96ee-67caf06a1b93 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3 0**@ ]Ɋ& ! F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0fd87a03-709e-46a2-9f06-97a33dcfcd71 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=da0fc8fa-e862-4f90-96ee-67caf06a1b93 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 @pelineId=  ]Ɋ& maX}U F&b5c6 Pipel ]Ɋ& meXu F&e=ElfChnkhP$StMu=VysMc&&**}U ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X}U F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8a868a5f-3297-4343-ba78-7b33b91cc279 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**}U ]Ɋ& A!X}U F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8a868a5f-3297-4343-ba78-7b33b91cc279 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 655**}U ]Ɋ& =!X}U F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8a868a5f-3297-4343-ba78-7b33b91cc279 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iv**}U ]Ɋ& 5!X}U F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8a868a5f-3297-4343-ba78-7b33b91cc279 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l **}U ]Ɋ& 5!X}U F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8a868a5f-3297-4343-ba78-7b33b91cc279 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=10**}U ]Ɋ& 7!X}U F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8a868a5f-3297-4343-ba78-7b33b91cc279 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c**0}U ]Ɋ& !}U F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8a868a5f-3297-4343-ba78-7b33b91cc279 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ed34a11a-8c5c-42b8-8723-692b264e753e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u0**@ ]Ɋ& ! F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8a868a5f-3297-4343-ba78-7b33b91cc279 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ed34a11a-8c5c-42b8-8723-692b264e753e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F@**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f83107b3-76c6-4c71-96e4-a3d981cea31e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f83107b3-76c6-4c71-96e4-a3d981cea31e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!p**h ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f83107b3-76c6-4c71-96e4-a3d981cea31e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**` ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f83107b3-76c6-4c71-96e4-a3d981cea31e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**` ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f83107b3-76c6-4c71-96e4-a3d981cea31e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f83107b3-76c6-4c71-96e4-a3d981cea31e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tarth** ]Ɋ&  ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f83107b3-76c6-4c71-96e4-a3d981cea31e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=742fae07-055d-4f3b-bfda-2ce07ed9881f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e ** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f83107b3-76c6-4c71-96e4-a3d981cea31e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=742fae07-055d-4f3b-bfda-2ce07ed9881f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mb**8 ]Ɋ& !X F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=aecf0d52-f650-427e-9710-590cdbb7b6e3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ne8**P ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=aecf0d52-f650-427e-9710-590cdbb7b6e3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=P**P ]Ɋ& !X F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=aecf0d52-f650-427e-9710-590cdbb7b6e3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rtedP**H ]Ɋ& !X F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=aecf0d52-f650-427e-9710-590cdbb7b6e3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=FuH**H ]Ɋ& !X F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=aecf0d52-f650-427e-9710-590cdbb7b6e3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH**H ]Ɋ& !X F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=aecf0d52-f650-427e-9710-590cdbb7b6e3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**@ ]Ɋ& !@ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=aecf0d52-f650-427e-9710-590cdbb7b6e3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ab40ef8b-b009-48a6-badc-2dd8c8e3c933 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ila**@ ]Ɋ& !@ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=aecf0d52-f650-427e-9710-590cdbb7b6e3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ab40ef8b-b009-48a6-badc-2dd8c8e3c933 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X@ ]Ɋ& !X@ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3a6b73b2-6bf6-4162-a4db-3b40b709a8bc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p@ ]Ɋ& !X@ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3a6b73b2-6bf6-4162-a4db-3b40b709a8bc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pe= p**h@ ]Ɋ& !X@ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3a6b73b2-6bf6-4162-a4db-3b40b709a8bc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sth**`@ ]Ɋ& !X@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3a6b73b2-6bf6-4162-a4db-3b40b709a8bc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rt`**`@ ]Ɋ& !X@ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3a6b73b2-6bf6-4162-a4db-3b40b709a8bc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on`**`@ ]Ɋ& !X@ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3a6b73b2-6bf6-4162-a4db-3b40b709a8bc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**@ ]Ɋ& !@ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3a6b73b2-6bf6-4162-a4db-3b40b709a8bc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4033adef-ace2-4ed8-9b02-53a9c41a62ae PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **@ ]Ɋ& !@ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3a6b73b2-6bf6-4162-a4db-3b40b709a8bc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4033adef-ace2-4ed8-9b02-53a9c41a62ae PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(@ ]Ɋ& !X@ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8a2a1a6f-939c-4c8b-b902-e99dca4d5487 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@@ ]Ɋ& !X@ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8a2a1a6f-939c-4c8b-b902-e99dca4d5487 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@@ ]Ɋ& !X@ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8a2a1a6f-939c-4c8b-b902-e99dca4d5487 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o('@**8@ ]Ɋ& !X@ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8a2a1a6f-939c-4c8b-b902-e99dca4d5487 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayV8**8@ ]Ɋ& !X@ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8a2a1a6f-939c-4c8b-b902-e99dca4d5487 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=M:\8**8@ ]Ɋ& !X@ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8a2a1a6f-939c-4c8b-b902-e99dca4d5487 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um8**@ ]Ɋ& !@ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8a2a1a6f-939c-4c8b-b902-e99dca4d5487 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=d0892073-35f9-40f7-8ae2-571db3dab13d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**׷ ]Ɋ& !׷ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8a2a1a6f-939c-4c8b-b902-e99dca4d5487 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=d0892073-35f9-40f7-8ae2-571db3dab13d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me= **X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c14cf0db-1c04-47cc-8ab3-03f6702ec7c2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rX**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c14cf0db-1c04-47cc-8ab3-03f6702ec7c2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==p**p ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c14cf0db-1c04-47cc-8ab3-03f6702ec7c2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a59p**h ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c14cf0db-1c04-47cc-8ab3-03f6702ec7c2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= h**h ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c14cf0db-1c04-47cc-8ab3-03f6702ec7c2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c14cf0db-1c04-47cc-8ab3-03f6702ec7c2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h** ]Ɋ&  ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c14cf0db-1c04-47cc-8ab3-03f6702ec7c2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1664a987-22ee-4409-a250-8e57a1220591 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **1 ]Ɋ& !1 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c14cf0db-1c04-47cc-8ab3-03f6702ec7c2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1664a987-22ee-4409-a250-8e57a1220591 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=hell**1 ]Ɋ& '!X1 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=15250bf3-6f64-4687-aed1-64d4360a5319 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**1 ]Ɋ& ?!X1 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=15250bf3-6f64-4687-aed1-64d4360a5319 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-a2-9f06-97a3 ]Ɋ& reX1 F&ame . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=da0fc8fa-e862-4f90-96ee-67caf06a1b93 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 @pelineId=  ]Ɋ& maX}U F&b5c6 Pipel ]Ɋ& meXu F&e=ElfChnk @V R>Mu=VysMc&&** 1 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X1 F&F%g>9{p(xlMD EventDatauoData !BinaryFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=15250bf3-6f64-4687-aed1-64d4360a5319 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **1 ]Ɋ& 3!X1 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=15250bf3-6f64-4687-aed1-64d4360a5319 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=}U**1 ]Ɋ& 3!X1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=15250bf3-6f64-4687-aed1-64d4360a5319 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3b9**1 ]Ɋ& 5!X1 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=15250bf3-6f64-4687-aed1-64d4360a5319 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0Dz ]Ɋ& !Dz F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=15250bf3-6f64-4687-aed1-64d4360a5319 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=d5537b74-da24-4219-99fe-ead73e3fc961 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@^K ]Ɋ& !^K F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=15250bf3-6f64-4687-aed1-64d4360a5319 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=d5537b74-da24-4219-99fe-ead73e3fc961 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Com@**  ]Ɋ& )!X  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b7fdb29d-5cd9-459a-892e-7193959f2a19 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **  ]Ɋ& A!X  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b7fdb29d-5cd9-459a-892e-7193959f2a19 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tSta**  ]Ɋ& =!X  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b7fdb29d-5cd9-459a-892e-7193959f2a19 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt**  ]Ɋ& 5!X  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b7fdb29d-5cd9-459a-892e-7193959f2a19 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**  ]Ɋ& 5!X  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b7fdb29d-5cd9-459a-892e-7193959f2a19 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ve**  ]Ɋ& 7!X  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b7fdb29d-5cd9-459a-892e-7193959f2a19 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g**0  ]Ɋ& !  F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b7fdb29d-5cd9-459a-892e-7193959f2a19 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3c5723e5-2023-4249-888a-b257107b2bbe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@ " ]Ɋ& ! " F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b7fdb29d-5cd9-459a-892e-7193959f2a19 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3c5723e5-2023-4249-888a-b257107b2bbe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&@**X " ]Ɋ& !X " F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=670b7151-f92e-4d84-9a69-6083056c7456 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p " ]Ɋ& !X " F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=670b7151-f92e-4d84-9a69-6083056c7456 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h " ]Ɋ& !X " F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=670b7151-f92e-4d84-9a69-6083056c7456 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**` " ]Ɋ& !X " F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=670b7151-f92e-4d84-9a69-6083056c7456 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**` " ]Ɋ& !X " F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=670b7151-f92e-4d84-9a69-6083056c7456 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h " ]Ɋ& !X " F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=670b7151-f92e-4d84-9a69-6083056c7456 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ailah** " ]Ɋ&  ! " F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=670b7151-f92e-4d84-9a69-6083056c7456 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5d7461cb-ad13-4a7f-b3e0-9567c359b4da PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= New** " ]Ɋ& ! " F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=670b7151-f92e-4d84-9a69-6083056c7456 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5d7461cb-ad13-4a7f-b3e0-9567c359b4da PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ne**8 " ]Ɋ& !X " F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=62964928-8381-424b-9965-b9f6025e6f16 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= P8**P " ]Ɋ& !X " F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=62964928-8381-424b-9965-b9f6025e6f16 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=SyP**P " ]Ɋ& !X " F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=62964928-8381-424b-9965-b9f6025e6f16 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&P**H " ]Ɋ& !X " F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=62964928-8381-424b-9965-b9f6025e6f16 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H " ]Ɋ& !X " F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=62964928-8381-424b-9965-b9f6025e6f16 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=XH**H " ]Ɋ& !X " F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=62964928-8381-424b-9965-b9f6025e6f16 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H** " ]Ɋ& ! " F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=62964928-8381-424b-9965-b9f6025e6f16 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=caa2cf74-1646-4a61-b4e2-7f2a398ee8fc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** " ]Ɋ& ! " F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=62964928-8381-424b-9965-b9f6025e6f16 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=caa2cf74-1646-4a61-b4e2-7f2a398ee8fc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X" ]Ɋ& !X" F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8a65c14b-a931-4467-b2b9-d4107295fdaf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**p" ]Ɋ& !X" F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8a65c14b-a931-4467-b2b9-d4107295fdaf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-US'p**h" ]Ɋ& !X" F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8a65c14b-a931-4467-b2b9-d4107295fdaf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=arh**`" ]Ɋ& !X" F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8a65c14b-a931-4467-b2b9-d4107295fdaf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=54`**`" ]Ɋ& !X" F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8a65c14b-a931-4467-b2b9-d4107295fdaf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed`**`" ]Ɋ& !X" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8a65c14b-a931-4467-b2b9-d4107295fdaf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**" ]Ɋ& !" F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8a65c14b-a931-4467-b2b9-d4107295fdaf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8f995818-8bed-4fce-aa85-674936c18bc5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**" ]Ɋ& !" F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8a65c14b-a931-4467-b2b9-d4107295fdaf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8f995818-8bed-4fce-aa85-674936c18bc5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0f7**(" ]Ɋ& !X" F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b33b8816-2178-4d7b-9888-cea41107487d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@" ]Ɋ& !X" F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b33b8816-2178-4d7b-9888-cea41107487d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='@**@" ]Ɋ& !X" F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b33b8816-2178-4d7b-9888-cea41107487d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ows@**8" ]Ɋ& !X" F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b33b8816-2178-4d7b-9888-cea41107487d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nso8**8" ]Ɋ& !X" F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b33b8816-2178-4d7b-9888-cea41107487d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8" ]Ɋ& !X" F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b33b8816-2178-4d7b-9888-cea41107487d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pa8**" ]Ɋ& !" F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b33b8816-2178-4d7b-9888-cea41107487d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=bc1c277d-e558-4c3c-8543-c277ac9527fd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=at**3;# ]Ɋ& !3;# F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b33b8816-2178-4d7b-9888-cea41107487d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=bc1c277d-e558-4c3c-8543-c277ac9527fd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sher**X% ]Ɋ& !X% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e7ab198d-9fc7-403c-8b87-bfc5d35a1630 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p% ]Ɋ& !X% F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e7ab198d-9fc7-403c-8b87-bfc5d35a1630 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=np**p% ]Ɋ& !X% F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e7ab198d-9fc7-403c-8b87-bfc5d35a1630 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Insp**h% ]Ɋ& !X% F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e7ab198d-9fc7-403c-8b87-bfc5d35a1630 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=edoh**h % ]Ɋ& !X%  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e7ab198d-9fc7-403c-8b87-bfc5d35a1630 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= hɊ& ]Ɋ& X%  F&]Ɋ& meXu F&e=ElfChnk < <H{x`Mu=VysMc&&**p % ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! M!X%  F&F%g>9{p(xlMD EventDatauoData !BinaryVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e7ab198d-9fc7-403c-8b87-bfc5d35a1630 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Xp ** % ]Ɋ&  !%  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e7ab198d-9fc7-403c-8b87-bfc5d35a1630 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ea08dab2-6996-4da1-85cd-cedf73e38380 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nc** % ]Ɋ& !%  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e7ab198d-9fc7-403c-8b87-bfc5d35a1630 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ea08dab2-6996-4da1-85cd-cedf73e38380 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=atio** % ]Ɋ& '!X%  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8d9804eb-9318-4e31-8bb8-ce5675eeafd5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=A**% ]Ɋ& ?!X% F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8d9804eb-9318-4e31-8bb8-ce5675eeafd5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5**% ]Ɋ& ;!X% F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8d9804eb-9318-4e31-8bb8-ce5675eeafd5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ost**% ]Ɋ& 3!X% F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8d9804eb-9318-4e31-8bb8-ce5675eeafd5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam**% ]Ɋ& 3!X% F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8d9804eb-9318-4e31-8bb8-ce5675eeafd5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t **% ]Ɋ& 5!X% F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8d9804eb-9318-4e31-8bb8-ce5675eeafd5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma**0% ]Ɋ& !% F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8d9804eb-9318-4e31-8bb8-ce5675eeafd5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=d61efc67-568a-4b86-8cee-70f1c5a2985d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=930**@$6& ]Ɋ& !$6& F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8d9804eb-9318-4e31-8bb8-ce5675eeafd5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=d61efc67-568a-4b86-8cee-70f1c5a2985d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand@**-t ]Ɋ& )!X-t F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c6f87397-a1c6-4808-b26b-7a5f95f75cc3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co**-t ]Ɋ& A!X-t F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c6f87397-a1c6-4808-b26b-7a5f95f75cc3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=trin**-t ]Ɋ& =!X-t F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c6f87397-a1c6-4808-b26b-7a5f95f75cc3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=la**-t ]Ɋ& 5!X-t F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c6f87397-a1c6-4808-b26b-7a5f95f75cc3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**-t ]Ɋ& 5!X-t F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c6f87397-a1c6-4808-b26b-7a5f95f75cc3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**-t ]Ɋ& 7!X-t F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c6f87397-a1c6-4808-b26b-7a5f95f75cc3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**0-t ]Ɋ& !-t F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c6f87397-a1c6-4808-b26b-7a5f95f75cc3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b63e5288-d9f5-4344-9e08-12b6797963b9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b0**@Zu ]Ɋ& !Zu F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c6f87397-a1c6-4808-b26b-7a5f95f75cc3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b63e5288-d9f5-4344-9e08-12b6797963b9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**X`v ]Ɋ& !X`v F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0444e163-240d-4307-beac-a843f21cf279 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p`v ]Ɋ& !X`v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0444e163-240d-4307-beac-a843f21cf279 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h`v ]Ɋ& !X`v F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0444e163-240d-4307-beac-a843f21cf279 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**` `v ]Ɋ& !X`v  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0444e163-240d-4307-beac-a843f21cf279 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`!`v ]Ɋ& !X`v! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0444e163-240d-4307-beac-a843f21cf279 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h"`v ]Ɋ& !X`v" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0444e163-240d-4307-beac-a843f21cf279 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Vah**#`v ]Ɋ&  !`v# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0444e163-240d-4307-beac-a843f21cf279 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2531db38-0275-4891-bb41-d0565d0c39f5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ineS**$v ]Ɋ& !v$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0444e163-240d-4307-beac-a843f21cf279 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2531db38-0275-4891-bb41-d0565d0c39f5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **8%w ]Ɋ& !Xw% F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1975ad6d-3864-4e3c-8b00-2710d55a155c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=am8**P&w ]Ɋ& !Xw& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1975ad6d-3864-4e3c-8b00-2710d55a155c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= PP**P'w ]Ɋ& !Xw' F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1975ad6d-3864-4e3c-8b00-2710d55a155c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leSyP**H(w ]Ɋ& !Xw( F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1975ad6d-3864-4e3c-8b00-2710d55a155c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH**H)w ]Ɋ& !Xw) F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1975ad6d-3864-4e3c-8b00-2710d55a155c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine="H**H*w ]Ɋ& !Xw* F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1975ad6d-3864-4e3c-8b00-2710d55a155c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!H**+w ]Ɋ& !w+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1975ad6d-3864-4e3c-8b00-2710d55a155c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1b258969-c2cd-4d03-ad23-230687437afd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**,w ]Ɋ& !w, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1975ad6d-3864-4e3c-8b00-2710d55a155c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1b258969-c2cd-4d03-ad23-230687437afd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X-*x ]Ɋ& !X*x- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=94df55c4-0de0-4ebb-baf0-a46b97ab81b0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p.*x ]Ɋ& !X*x. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=94df55c4-0de0-4ebb-baf0-a46b97ab81b0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Cp**h/*x ]Ɋ& !X*x/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=94df55c4-0de0-4ebb-baf0-a46b97ab81b0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rth**`0*x ]Ɋ& !X*x0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=94df55c4-0de0-4ebb-baf0-a46b97ab81b0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ps`**`1*x ]Ɋ& !X*x1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=94df55c4-0de0-4ebb-baf0-a46b97ab81b0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=os`**`2*x ]Ɋ& !X*x2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=94df55c4-0de0-4ebb-baf0-a46b97ab81b0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=q`**3*x ]Ɋ& !*x3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=94df55c4-0de0-4ebb-baf0-a46b97ab81b0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=674ddbd3-5921-45ff-aed5-b116e3957aaa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b**4*x ]Ɋ& !*x4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=94df55c4-0de0-4ebb-baf0-a46b97ab81b0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=674ddbd3-5921-45ff-aed5-b116e3957aaa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(5Jx ]Ɋ& !XJx5 F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=272c2d79-e461-42aa-9420-52698236999a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@6Jx ]Ɋ& !XJx6 F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=272c2d79-e461-42aa-9420-52698236999a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S@**@7Jx ]Ɋ& !XJx7 F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=272c2d79-e461-42aa-9420-52698236999a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=etC@**88Jx ]Ɋ& !XJx8 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=272c2d79-e461-42aa-9420-52698236999a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yNa8**89Jx ]Ɋ& !XJx9 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=272c2d79-e461-42aa-9420-52698236999a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n-U8**8:Jx ]Ɋ& !XJx: F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=272c2d79-e461-42aa-9420-52698236999a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**;Jx ]Ɋ& !Jx; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=272c2d79-e461-42aa-9420-52698236999a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=7398a2d6-e763-4f4d-9d15-d4f369b734f1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**<[y ]Ɋ& ![y< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=272c2d79-e461-42aa-9420-52698236999a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=7398a2d6-e763-4f4d-9d15-d4f369b734f1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== riptName=  ]Ɋ& Xs= F&X%  F&]Ɋ& meXu F&e=ElfChnk=n=nH QMu=VysMc&&**` =s ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! ?!Xs= F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d3f10f38-1ee3-425a-9ced-cf42a9591169 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ne` **p>s ]Ɋ& !Xs> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d3f10f38-1ee3-425a-9ced-cf42a9591169 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rp**p?s ]Ɋ& !Xs? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d3f10f38-1ee3-425a-9ced-cf42a9591169 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pelp**h@s ]Ɋ& !Xs@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d3f10f38-1ee3-425a-9ced-cf42a9591169 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmah**hAs ]Ɋ& !XsA F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d3f10f38-1ee3-425a-9ced-cf42a9591169 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hBs ]Ɋ& !XsB F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d3f10f38-1ee3-425a-9ced-cf42a9591169 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**CW  ]Ɋ&  !W C F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d3f10f38-1ee3-425a-9ced-cf42a9591169 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=caa0522d-5501-4463-a0a0-1b9a98877af7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**D ]Ɋ& !D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d3f10f38-1ee3-425a-9ced-cf42a9591169 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=caa0522d-5501-4463-a0a0-1b9a98877af7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Comp**EG ]Ɋ& '!XGE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9df65cad-70bd-4815-828a-ccdfcfabdf76 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**FG ]Ɋ& ?!XGF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9df65cad-70bd-4815-828a-ccdfcfabdf76 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**GG ]Ɋ& ;!XGG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9df65cad-70bd-4815-828a-ccdfcfabdf76 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8-b**HG ]Ɋ& 3!XGH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9df65cad-70bd-4815-828a-ccdfcfabdf76 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**IG ]Ɋ& 3!XGI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9df65cad-70bd-4815-828a-ccdfcfabdf76 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b26**JG ]Ɋ& 5!XGJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9df65cad-70bd-4815-828a-ccdfcfabdf76 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&**0KG ]Ɋ& !GK F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9df65cad-70bd-4815-828a-ccdfcfabdf76 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a2a8e3d1-2b2b-41fa-a0c9-fd202cc96999 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ir0**@Lޟ ]Ɋ& !ޟL F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9df65cad-70bd-4815-828a-ccdfcfabdf76 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a2a8e3d1-2b2b-41fa-a0c9-fd202cc96999 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**M74y ]Ɋ& )!X74yM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e0a5774c-34cb-4a79-98e2-6d4cfe660cdc HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mman**N74y ]Ɋ& A!X74yN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e0a5774c-34cb-4a79-98e2-6d4cfe660cdc HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **O74y ]Ɋ& =!X74yO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e0a5774c-34cb-4a79-98e2-6d4cfe660cdc HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uc**P74y ]Ɋ& 5!X74yP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e0a5774c-34cb-4a79-98e2-6d4cfe660cdc HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cu**Q74y ]Ɋ& 5!X74yQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e0a5774c-34cb-4a79-98e2-6d4cfe660cdc HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **R74y ]Ɋ& 7!X74yR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e0a5774c-34cb-4a79-98e2-6d4cfe660cdc HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **0S74y ]Ɋ& !74yS F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e0a5774c-34cb-4a79-98e2-6d4cfe660cdc HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f62e1407-0e60-4558-b6b1-2b602ffbb1ac PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r0**@Ti5y ]Ɋ& !i5yT F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e0a5774c-34cb-4a79-98e2-6d4cfe660cdc HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f62e1407-0e60-4558-b6b1-2b602ffbb1ac PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ngi@**XU6y ]Ɋ& !X6yU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0f50d548-a4f8-4e8c-a9b3-817a1f695650 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pV6y ]Ɋ& !X6yV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0f50d548-a4f8-4e8c-a9b3-817a1f695650 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Enp**hW6y ]Ɋ& !X6yW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0f50d548-a4f8-4e8c-a9b3-817a1f695650 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**`X6y ]Ɋ& !X6yX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0f50d548-a4f8-4e8c-a9b3-817a1f695650 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v`**`Y6y ]Ɋ& !X6yY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0f50d548-a4f8-4e8c-a9b3-817a1f695650 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g`**hZ6y ]Ɋ& !X6yZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0f50d548-a4f8-4e8c-a9b3-817a1f695650 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovih**[6y ]Ɋ&  !6y[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0f50d548-a4f8-4e8c-a9b3-817a1f695650 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3449513d-65e8-47b9-98e9-4e49c65c3414 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Con**\6y ]Ɋ& !6y\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0f50d548-a4f8-4e8c-a9b3-817a1f695650 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3449513d-65e8-47b9-98e9-4e49c65c3414 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=os**8]6y ]Ɋ& !X6y] F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dc74c0e5-dec5-433e-85c7-523320e70cc8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eN8**P^6y ]Ɋ& !X6y^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dc74c0e5-dec5-433e-85c7-523320e70cc8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rtP**P_6y ]Ɋ& !X6y_ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dc74c0e5-dec5-433e-85c7-523320e70cc8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=roviP**H`6y ]Ɋ& !X6y` F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dc74c0e5-dec5-433e-85c7-523320e70cc8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ctioH**Ha6y ]Ɋ& !X6ya F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dc74c0e5-dec5-433e-85c7-523320e70cc8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iderH**Hb6y ]Ɋ& !X6yb F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dc74c0e5-dec5-433e-85c7-523320e70cc8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=artH**c6y ]Ɋ& !6yc F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dc74c0e5-dec5-433e-85c7-523320e70cc8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=52fb5742-d7e4-43b7-b89c-cbb8ff25360d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **d6y ]Ɋ& !6yd F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dc74c0e5-dec5-433e-85c7-523320e70cc8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=52fb5742-d7e4-43b7-b89c-cbb8ff25360d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**XeC6y ]Ɋ& !XC6ye F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e6b79277-31bd-41ef-8f3b-473bc3878553 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5X**pfC6y ]Ɋ& !XC6yf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e6b79277-31bd-41ef-8f3b-473bc3878553 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommap**hgC6y ]Ɋ& !XC6yg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e6b79277-31bd-41ef-8f3b-473bc3878553 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eh**`hC6y ]Ɋ& !XC6yh F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e6b79277-31bd-41ef-8f3b-473bc3878553 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m.`**`iC6y ]Ɋ& !XC6yi F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e6b79277-31bd-41ef-8f3b-473bc3878553 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-H`**`jC6y ]Ɋ& !XC6yj F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e6b79277-31bd-41ef-8f3b-473bc3878553 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**kC6y ]Ɋ& !C6yk F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e6b79277-31bd-41ef-8f3b-473bc3878553 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d029efb2-ed02-4200-ab69-c950a5fcbbf2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**lC6y ]Ɋ& !C6yl F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e6b79277-31bd-41ef-8f3b-473bc3878553 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d029efb2-ed02-4200-ab69-c950a5fcbbf2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(m27y ]Ɋ& !X27ym F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a2b09291-d817-45cf-99b0-2fe33a070d5b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@n27y ]Ɋ& !X27yn F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a2b09291-d817-45cf-99b0-2fe33a070d5b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @riptName=  ]Ɋ& X27yo F&X%  F&]Ɋ& meXu F&e=ElfChnkooPՅMu=VysMc&&**@ o27y ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! #!X27yo F&F%g>9{p(xlMD EventDatauoData !BinarypFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a2b09291-d817-45cf-99b0-2fe33a070d5b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@ **8p27y ]Ɋ& !X27yp F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a2b09291-d817-45cf-99b0-2fe33a070d5b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=llD8**8q27y ]Ɋ& !X27yq F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a2b09291-d817-45cf-99b0-2fe33a070d5b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rre8**8r27y ]Ɋ& !X27yr F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a2b09291-d817-45cf-99b0-2fe33a070d5b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**s27y ]Ɋ& !27ys F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a2b09291-d817-45cf-99b0-2fe33a070d5b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=38860cca-bb31-42ae-b9bb-7fdb87b0d550 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Re**tp7y ]Ɋ& !p7yt F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a2b09291-d817-45cf-99b0-2fe33a070d5b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=38860cca-bb31-42ae-b9bb-7fdb87b0d550 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**Xu39y ]Ɋ& !X39yu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=78bb5248-937a-4622-bf87-a0409f6b47a3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nX**pv39y ]Ɋ& !X39yv F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=78bb5248-937a-4622-bf87-a0409f6b47a3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**pw39y ]Ɋ& !X39yw F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=78bb5248-937a-4622-bf87-a0409f6b47a3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Pp**hx39y ]Ɋ& !X39yx F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=78bb5248-937a-4622-bf87-a0409f6b47a3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ch**hy39y ]Ɋ& !X39yy F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=78bb5248-937a-4622-bf87-a0409f6b47a3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hz39y ]Ɋ& !X39yz F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=78bb5248-937a-4622-bf87-a0409f6b47a3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rth**{39y ]Ɋ&  !39y{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=78bb5248-937a-4622-bf87-a0409f6b47a3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=185cd053-6fa7-4629-830c-4a39cc4eda31 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**|-:y ]Ɋ& !-:y| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=78bb5248-937a-4622-bf87-a0409f6b47a3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=185cd053-6fa7-4629-830c-4a39cc4eda31 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ix -**}-:y ]Ɋ& '!X-:y} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4210abd8-ae88-471a-9b0d-13729d564ab6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**~-:y ]Ɋ& ?!X-:y~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4210abd8-ae88-471a-9b0d-13729d564ab6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**-:y ]Ɋ& ;!X-:y F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4210abd8-ae88-471a-9b0d-13729d564ab6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-4a**-:y ]Ɋ& 3!X-:y F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4210abd8-ae88-471a-9b0d-13729d564ab6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=****-:y ]Ɋ& 3!X-:y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4210abd8-ae88-471a-9b0d-13729d564ab6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a79**-:y ]Ɋ& 5!X-:y F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4210abd8-ae88-471a-9b0d-13729d564ab6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0-:y ]Ɋ& !-:y F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4210abd8-ae88-471a-9b0d-13729d564ab6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=fac42c04-0e79-4d36-b96e-5ca726ead048 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ne0**@^;y ]Ɋ& !^;y F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4210abd8-ae88-471a-9b0d-13729d564ab6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=fac42c04-0e79-4d36-b96e-5ca726ead048 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@** ]Ɋ& )!X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=97746236-d2a0-482b-8e7f-125d925ce351 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co** ]Ɋ& A!X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=97746236-d2a0-482b-8e7f-125d925ce351 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceId** ]Ɋ& =!X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=97746236-d2a0-482b-8e7f-125d925ce351 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pr** ]Ɋ& 5!X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=97746236-d2a0-482b-8e7f-125d925ce351 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t/** ]Ɋ& 5!X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=97746236-d2a0-482b-8e7f-125d925ce351 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=56** ]Ɋ& 7!X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=97746236-d2a0-482b-8e7f-125d925ce351 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**0 ]Ɋ& ! F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=97746236-d2a0-482b-8e7f-125d925ce351 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c16bcd52-6b17-4798-8d7d-ebf03218ef22 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u0**@?. ]Ɋ& !?. F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=97746236-d2a0-482b-8e7f-125d925ce351 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c16bcd52-6b17-4798-8d7d-ebf03218ef22 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=New@**X?. ]Ɋ& !X?. F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e73861ac-f4cc-4cd3-bb4d-7d09f45c5bf3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p?. ]Ɋ& !X?. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e73861ac-f4cc-4cd3-bb4d-7d09f45c5bf3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h?. ]Ɋ& !X?. F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e73861ac-f4cc-4cd3-bb4d-7d09f45c5bf3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mh**`?. ]Ɋ& !X?. F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e73861ac-f4cc-4cd3-bb4d-7d09f45c5bf3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`?. ]Ɋ& !X?. F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e73861ac-f4cc-4cd3-bb4d-7d09f45c5bf3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e`**h?. ]Ɋ& !X?. F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e73861ac-f4cc-4cd3-bb4d-7d09f45c5bf3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPh**?. ]Ɋ&  !?. F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e73861ac-f4cc-4cd3-bb4d-7d09f45c5bf3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=773b93e9-0663-4518-9a6c-7ec98c3b6477 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**Ɯ ]Ɋ& !Ɯ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e73861ac-f4cc-4cd3-bb4d-7d09f45c5bf3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=773b93e9-0663-4518-9a6c-7ec98c3b6477 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **8Ɯ ]Ɋ& !XƜ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=991268ec-0d1e-40d5-97c2-8e048358ad18 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ue8**PƜ ]Ɋ& !XƜ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=991268ec-0d1e-40d5-97c2-8e048358ad18 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==SP**PƜ ]Ɋ& !XƜ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=991268ec-0d1e-40d5-97c2-8e048358ad18 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPP**HƜ ]Ɋ& !XƜ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=991268ec-0d1e-40d5-97c2-8e048358ad18 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==FunH**HƜ ]Ɋ& !XƜ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=991268ec-0d1e-40d5-97c2-8e048358ad18 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ProvH**HƜ ]Ɋ& !XƜ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=991268ec-0d1e-40d5-97c2-8e048358ad18 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eSH**Ɯ ]Ɋ& !Ɯ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=991268ec-0d1e-40d5-97c2-8e048358ad18 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6c1d3520-a2a2-4552-b2e4-3e634339f1fa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lab**Ɯ ]Ɋ& !Ɯ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=991268ec-0d1e-40d5-97c2-8e048358ad18 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6c1d3520-a2a2-4552-b2e4-3e634339f1fa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**XƜ ]Ɋ& !XƜ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cc25c86f-ac2d-453b-b97a-af705f34bb83 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7yX**pƜ ]Ɋ& !XƜ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cc25c86f-ac2d-453b-b97a-af705f34bb83 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Cp**hƜ ]Ɋ& !XƜ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cc25c86f-ac2d-453b-b97a-af705f34bb83 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 h EngineVersi ]Ɋ&  XƜ F&CommandPath= CommandLine= @riptName=  ]Ɋ& X27yo F&X%  F&]Ɋ& meXu F&e=ElfChnkXoĶ xMu=VysMc&&**hƜ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! E!XƜ F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cc25c86f-ac2d-453b-b97a-af705f34bb83 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sioh**`Ɯ ]Ɋ& !XƜ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cc25c86f-ac2d-453b-b97a-af705f34bb83 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cu`**`Ɯ ]Ɋ& !XƜ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cc25c86f-ac2d-453b-b97a-af705f34bb83 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@`**Ɯ ]Ɋ& !Ɯ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cc25c86f-ac2d-453b-b97a-af705f34bb83 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0d237351-871d-4cb5-89dc-e872dd4bbcc2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **l_ ]Ɋ& !l_ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cc25c86f-ac2d-453b-b97a-af705f34bb83 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0d237351-871d-4cb5-89dc-e872dd4bbcc2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**(l_ ]Ɋ& !Xl_ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=606d39a5-9325-42f8-8c94-4603a3d53cdb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a(**@l_ ]Ɋ& !Xl_ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=606d39a5-9325-42f8-8c94-4603a3d53cdb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m@**@l_ ]Ɋ& !Xl_ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=606d39a5-9325-42f8-8c94-4603a3d53cdb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C@**8l_ ]Ɋ& !Xl_ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=606d39a5-9325-42f8-8c94-4603a3d53cdb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n-U8**8l_ ]Ɋ& !Xl_ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=606d39a5-9325-42f8-8c94-4603a3d53cdb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion8**8l_ ]Ɋ& !Xl_ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=606d39a5-9325-42f8-8c94-4603a3d53cdb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=RE8**l_ ]Ɋ& !l_ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=606d39a5-9325-42f8-8c94-4603a3d53cdb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=3f551e48-208e-4ef3-a17a-4ef7984f5c03 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=606d39a5-9325-42f8-8c94-4603a3d53cdb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=3f551e48-208e-4ef3-a17a-4ef7984f5c03 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ider**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=295d256b-f43e-4427-8923-0f18577f1ed1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=295d256b-f43e-4427-8923-0f18577f1ed1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**p ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=295d256b-f43e-4427-8923-0f18577f1ed1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=295d256b-f43e-4427-8923-0f18577f1ed1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sth**h ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=295d256b-f43e-4427-8923-0f18577f1ed1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Seqh**h ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=295d256b-f43e-4427-8923-0f18577f1ed1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=42h** ]Ɋ&  ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=295d256b-f43e-4427-8923-0f18577f1ed1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d674ff5e-e7a4-422b-a908-a58123b8d3c7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **]Z ]Ɋ& !]Z F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=295d256b-f43e-4427-8923-0f18577f1ed1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d674ff5e-e7a4-422b-a908-a58123b8d3c7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=base** ]Ɋ& '!X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3ffee992-5a5a-451d-9c86-067dca8fd5ab HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(** ]Ɋ& ?!X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3ffee992-5a5a-451d-9c86-067dca8fd5ab HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=B** ]Ɋ& ;!X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3ffee992-5a5a-451d-9c86-067dca8fd5ab HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eVe** ]Ɋ& 3!X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3ffee992-5a5a-451d-9c86-067dca8fd5ab HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=F** ]Ɋ& 3!X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3ffee992-5a5a-451d-9c86-067dca8fd5ab HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ers** ]Ɋ& 5!X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3ffee992-5a5a-451d-9c86-067dca8fd5ab HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP**0 ]Ɋ& ! F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3ffee992-5a5a-451d-9c86-067dca8fd5ab HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=84abe217-ef40-4ef8-a981-5156d87bea7d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8e0**@ ]Ɋ& ! F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3ffee992-5a5a-451d-9c86-067dca8fd5ab HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=84abe217-ef40-4ef8-a981-5156d87bea7d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed @**)' ]Ɋ& )!X)' F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a44e966e-c8d8-412f-b039-7bd935d2aa92 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**)' ]Ɋ& A!X)' F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a44e966e-c8d8-412f-b039-7bd935d2aa92 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**)' ]Ɋ& =!X)' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a44e966e-c8d8-412f-b039-7bd935d2aa92 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **)' ]Ɋ& 5!X)' F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a44e966e-c8d8-412f-b039-7bd935d2aa92 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**)' ]Ɋ& 5!X)' F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a44e966e-c8d8-412f-b039-7bd935d2aa92 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pr**)' ]Ɋ& 7!X)' F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a44e966e-c8d8-412f-b039-7bd935d2aa92 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**0' ]Ɋ& !' F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a44e966e-c8d8-412f-b039-7bd935d2aa92 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=81f8aaac-017f-4607-9cad-c763e2a793ac PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@V' ]Ɋ& !V' F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a44e966e-c8d8-412f-b039-7bd935d2aa92 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=81f8aaac-017f-4607-9cad-c763e2a793ac PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==e7@**XV' ]Ɋ& !XV' F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6dad4d79-2a45-45ab-bc26-de427dddb41f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ConX**pV' ]Ɋ& !XV' F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6dad4d79-2a45-45ab-bc26-de427dddb41f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVp**hV' ]Ɋ& !XV' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6dad4d79-2a45-45ab-bc26-de427dddb41f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Hh**`V' ]Ɋ& !XV' F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6dad4d79-2a45-45ab-bc26-de427dddb41f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8`**`V' ]Ɋ& !XV' F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6dad4d79-2a45-45ab-bc26-de427dddb41f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5`**hV' ]Ɋ& !XV' F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6dad4d79-2a45-45ab-bc26-de427dddb41f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=358ah**V' ]Ɋ&  !V' F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6dad4d79-2a45-45ab-bc26-de427dddb41f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b09e9df0-4349-4684-96c5-1ffb5bba5edd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=us |**N' ]Ɋ& !N' F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6dad4d79-2a45-45ab-bc26-de427dddb41f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b09e9df0-4349-4684-96c5-1ffb5bba5edd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sE**8' ]Ɋ& !X' F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=44954dea-2e45-44ae-bcc9-98cbe74c2bcb HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=el8**P' ]Ɋ& !X' F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=44954dea-2e45-44ae-bcc9-98cbe74c2bcb HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=liP**P' ]Ɋ& !X' F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=44954dea-2e45-44ae-bcc9-98cbe74c2bcb HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=34bbP**H' ]Ɋ& !X' F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=44954dea-2e45-44ae-bcc9-98cbe74c2bcb HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH]Ɋ& ]Ɋ& X' ElfChnkHBZ Mu=VysMc&&**H' ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! )!X' F&F%g>9{p(xlMD EventDatauoData !BinaryvRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=44954dea-2e45-44ae-bcc9-98cbe74c2bcb HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mH**H' ]Ɋ& !X' F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=44954dea-2e45-44ae-bcc9-98cbe74c2bcb HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmaH**' ]Ɋ& !' F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=44954dea-2e45-44ae-bcc9-98cbe74c2bcb HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0d037199-6a0e-4cd3-93b1-480be4ab2189 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**' ]Ɋ& !' F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=44954dea-2e45-44ae-bcc9-98cbe74c2bcb HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0d037199-6a0e-4cd3-93b1-480be4ab2189 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**X' ]Ɋ& !X' F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d4409fc1-1093-4226-862d-f52c210e2be7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ComX**p' ]Ɋ& !X' F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d4409fc1-1093-4226-862d-f52c210e2be7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allep**h' ]Ɋ& !X' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d4409fc1-1093-4226-862d-f52c210e2be7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='ih**`' ]Ɋ& !X' F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d4409fc1-1093-4226-862d-f52c210e2be7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ow`**`' ]Ɋ& !X' F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d4409fc1-1093-4226-862d-f52c210e2be7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`' ]Ɋ& !X' F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d4409fc1-1093-4226-862d-f52c210e2be7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**' ]Ɋ& !' F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d4409fc1-1093-4226-862d-f52c210e2be7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=245911e1-a32b-4b10-abcd-9d35260c1e62 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**' ]Ɋ& !' F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d4409fc1-1093-4226-862d-f52c210e2be7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=245911e1-a32b-4b10-abcd-9d35260c1e62 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **(' ]Ɋ& !X' F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=75b69e88-ea0a-491f-b5be-fcdbb61f9bb7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c(**@' ]Ɋ& !X' F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=75b69e88-ea0a-491f-b5be-fcdbb61f9bb7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n@**@' ]Ɋ& !X' F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=75b69e88-ea0a-491f-b5be-fcdbb61f9bb7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e]:@**8' ]Ɋ& !X' F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=75b69e88-ea0a-491f-b5be-fcdbb61f9bb7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tal8**8' ]Ɋ& !X' F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=75b69e88-ea0a-491f-b5be-fcdbb61f9bb7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.08**8' ]Ɋ& !X' F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=75b69e88-ea0a-491f-b5be-fcdbb61f9bb7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**G' ]Ɋ& !G' F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=75b69e88-ea0a-491f-b5be-fcdbb61f9bb7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=714ed5c5-ff50-4628-b52a-d70518d68c6f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **I' ]Ɋ& !I' F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=75b69e88-ea0a-491f-b5be-fcdbb61f9bb7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=714ed5c5-ff50-4628-b52a-d70518d68c6f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=trin**XD' ]Ɋ& !XD' F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=acf211f7-8c72-44d3-bde9-d7d940dabbfa HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pD' ]Ɋ& !XD' F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=acf211f7-8c72-44d3-bde9-d7d940dabbfa HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**pD' ]Ɋ& !XD' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=acf211f7-8c72-44d3-bde9-d7d940dabbfa HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Culp**hD' ]Ɋ& !XD' F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=acf211f7-8c72-44d3-bde9-d7d940dabbfa HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Obh**hD' ]Ɋ& !XD' F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=acf211f7-8c72-44d3-bde9-d7d940dabbfa HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Pih**hD' ]Ɋ& !XD' F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=acf211f7-8c72-44d3-bde9-d7d940dabbfa HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ath**D' ]Ɋ&  !D' F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=acf211f7-8c72-44d3-bde9-d7d940dabbfa HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7eea6069-8cb6-4109-b2be-9b8d1b3f2603 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**d' ]Ɋ& !d' F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=acf211f7-8c72-44d3-bde9-d7d940dabbfa HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7eea6069-8cb6-4109-b2be-9b8d1b3f2603 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ame=**' ]Ɋ& '!X' F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e0842d6e-0e30-4553-82d3-58c0b3af3dab HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **' ]Ɋ& ?!X' F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e0842d6e-0e30-4553-82d3-58c0b3af3dab HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**' ]Ɋ& ;!X' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e0842d6e-0e30-4553-82d3-58c0b3af3dab HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed**' ]Ɋ& 3!X' F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e0842d6e-0e30-4553-82d3-58c0b3af3dab HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=th **' ]Ɋ& 3!X' F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e0842d6e-0e30-4553-82d3-58c0b3af3dab HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rov**' ]Ɋ& 5!X' F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e0842d6e-0e30-4553-82d3-58c0b3af3dab HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=En**0' ]Ɋ& !' F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e0842d6e-0e30-4553-82d3-58c0b3af3dab HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=50822ad8-7387-4601-ae96-288b7c66bcf0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=en0**@?' ]Ɋ& !?' F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e0842d6e-0e30-4553-82d3-58c0b3af3dab HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=50822ad8-7387-4601-ae96-288b7c66bcf0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-c76@**UЋ ]Ɋ& )!XUЋ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=57a9b485-e1c2-4e72-a994-226c0119966c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayNa**UЋ ]Ɋ& A!XUЋ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=57a9b485-e1c2-4e72-a994-226c0119966c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pace**UЋ ]Ɋ& =!XUЋ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=57a9b485-e1c2-4e72-a994-226c0119966c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=de**UЋ ]Ɋ& 5!XUЋ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=57a9b485-e1c2-4e72-a994-226c0119966c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C**UЋ ]Ɋ& 5!XUЋ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=57a9b485-e1c2-4e72-a994-226c0119966c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr**UЋ ]Ɋ& 7!XUЋ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=57a9b485-e1c2-4e72-a994-226c0119966c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=V**0UЋ ]Ɋ& !UЋ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=57a9b485-e1c2-4e72-a994-226c0119966c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=14b98ccc-7762-46b0-90f8-9397e0badf15 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@цы ]Ɋ& !цы F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=57a9b485-e1c2-4e72-a994-226c0119966c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=14b98ccc-7762-46b0-90f8-9397e0badf15 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm@**Xцы ]Ɋ& !Xцы F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d4fe2251-a661-4954-a119-a14e03bf7898 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNaX**pцы ]Ɋ& !Xцы F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d4fe2251-a661-4954-a119-a14e03bf7898 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNp**hцы ]Ɋ& !Xцы F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d4fe2251-a661-4954-a119-a14e03bf7898 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**`цы ]Ɋ& !Xцы F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d4fe2251-a661-4954-a119-a14e03bf7898 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`цы ]Ɋ& !Xцы F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d4fe2251-a661-4954-a119-a14e03bf7898 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==` FH] ]Ɋ& Xцы F& ElfChnk22O,0Mu=VysMc&&**hцы ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! I!Xцы F&F%g>9{p(xlMD EventDatauoData !BinaryVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d4fe2251-a661-4954-a119-a14e03bf7898 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hҋ ]Ɋ&  !hҋ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d4fe2251-a661-4954-a119-a14e03bf7898 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4d7a9a07-0c0b-435a-9ea2-1d44fc61366a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**hҋ ]Ɋ& !hҋ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d4fe2251-a661-4954-a119-a14e03bf7898 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4d7a9a07-0c0b-435a-9ea2-1d44fc61366a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8hҋ ]Ɋ& !Xhҋ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b6dcdcfb-af85-4bbf-8b6f-0e81349992f1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**Phҋ ]Ɋ& !Xhҋ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b6dcdcfb-af85-4bbf-8b6f-0e81349992f1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Phҋ ]Ɋ& !Xhҋ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b6dcdcfb-af85-4bbf-8b6f-0e81349992f1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&P**Hhҋ ]Ɋ& !Xhҋ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b6dcdcfb-af85-4bbf-8b6f-0e81349992f1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**H**H hҋ ]Ɋ& !Xhҋ  F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b6dcdcfb-af85-4bbf-8b6f-0e81349992f1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dLinH**H hҋ ]Ɋ& !Xhҋ  F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b6dcdcfb-af85-4bbf-8b6f-0e81349992f1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= H** hҋ ]Ɋ& !hҋ  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b6dcdcfb-af85-4bbf-8b6f-0e81349992f1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d84918fe-c0be-4d88-9227-f4df690a04c1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** hҋ ]Ɋ& !hҋ  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b6dcdcfb-af85-4bbf-8b6f-0e81349992f1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d84918fe-c0be-4d88-9227-f4df690a04c1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X +Ӌ ]Ɋ& !X+Ӌ  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9fae5fb4-3281-47f7-bb93-b73ec8fca0e0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=TypeX**p+Ӌ ]Ɋ& !X+Ӌ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9fae5fb4-3281-47f7-bb93-b73ec8fca0e0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| sep**h+Ӌ ]Ɋ& !X+Ӌ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9fae5fb4-3281-47f7-bb93-b73ec8fca0e0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=edh**`+Ӌ ]Ɋ& !X+Ӌ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9fae5fb4-3281-47f7-bb93-b73ec8fca0e0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l `**`+Ӌ ]Ɋ& !X+Ӌ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9fae5fb4-3281-47f7-bb93-b73ec8fca0e0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Na`**`+Ӌ ]Ɋ& !X+Ӌ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9fae5fb4-3281-47f7-bb93-b73ec8fca0e0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**+Ӌ ]Ɋ& !+Ӌ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9fae5fb4-3281-47f7-bb93-b73ec8fca0e0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2ecc823b-4c8b-4113-9434-419f8fc47c04 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**+Ӌ ]Ɋ& !+Ӌ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9fae5fb4-3281-47f7-bb93-b73ec8fca0e0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2ecc823b-4c8b-4113-9434-419f8fc47c04 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptN**(+Ӌ ]Ɋ& !X+Ӌ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2c5c88e8-e323-4ff9-b486-55846ec5ab28 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p(**@+Ӌ ]Ɋ& !X+Ӌ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2c5c88e8-e323-4ff9-b486-55846ec5ab28 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==@**@+Ӌ ]Ɋ& !X+Ӌ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2c5c88e8-e323-4ff9-b486-55846ec5ab28 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e($@**8+Ӌ ]Ɋ& !X+Ӌ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2c5c88e8-e323-4ff9-b486-55846ec5ab28 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HK8**8+Ӌ ]Ɋ& !X+Ӌ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2c5c88e8-e323-4ff9-b486-55846ec5ab28 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stI8**8+Ӌ ]Ɋ& !X+Ӌ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2c5c88e8-e323-4ff9-b486-55846ec5ab28 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**+Ӌ ]Ɋ& !+Ӌ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2c5c88e8-e323-4ff9-b486-55846ec5ab28 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=9a5c6cd3-3dde-4d47-adeb-cdfae1f64142 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=an**XՋ ]Ɋ& !XՋ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2c5c88e8-e323-4ff9-b486-55846ec5ab28 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=9a5c6cd3-3dde-4d47-adeb-cdfae1f64142 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**X ً ]Ɋ& !X ً F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a0a8cd16-ed47-468f-8c84-0780368acb56 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iX**p ً ]Ɋ& !X ً F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a0a8cd16-ed47-468f-8c84-0780368acb56 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**p ً ]Ɋ& !X ً F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a0a8cd16-ed47-468f-8c84-0780368acb56 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nfop**h ً ]Ɋ& !X ً  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a0a8cd16-ed47-468f-8c84-0780368acb56 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Insh**h! ً ]Ɋ& !X ً! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a0a8cd16-ed47-468f-8c84-0780368acb56 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eIdh**h" ً ]Ɋ& !X ً" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a0a8cd16-ed47-468f-8c84-0780368acb56 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omh**# ً ]Ɋ&  ! ً# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a0a8cd16-ed47-468f-8c84-0780368acb56 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bddbb92c-ae04-4414-a336-f0ed1582ffd7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**$wڋ ]Ɋ& !wڋ$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a0a8cd16-ed47-468f-8c84-0780368acb56 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bddbb92c-ae04-4414-a336-f0ed1582ffd7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oleH**%9ۋ ]Ɋ& '!X9ۋ% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6b92006a-bafc-44bf-90fa-5c29cdfda3b7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**&9ۋ ]Ɋ& ?!X9ۋ& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6b92006a-bafc-44bf-90fa-5c29cdfda3b7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v**'9ۋ ]Ɋ& ;!X9ۋ' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6b92006a-bafc-44bf-90fa-5c29cdfda3b7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ide**(9ۋ ]Ɋ& 3!X9ۋ( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6b92006a-bafc-44bf-90fa-5c29cdfda3b7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **)9ۋ ]Ɋ& 3!X9ۋ) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6b92006a-bafc-44bf-90fa-5c29cdfda3b7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ame***9ۋ ]Ɋ& 5!X9ۋ* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6b92006a-bafc-44bf-90fa-5c29cdfda3b7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rs**0+9ۋ ]Ɋ& !9ۋ+ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6b92006a-bafc-44bf-90fa-5c29cdfda3b7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=99708748-85d4-4a09-88ca-4adafdccebb8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er0**@,fA܋ ]Ɋ& !fA܋, F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6b92006a-bafc-44bf-90fa-5c29cdfda3b7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=99708748-85d4-4a09-88ca-4adafdccebb8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=adf1@**-4 ]Ɋ& )!X4- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b42b15ef-7cd0-4bb1-940d-9a0607ecb096 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=prod**.4 ]Ɋ& A!X4. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b42b15ef-7cd0-4bb1-940d-9a0607ecb096 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t/Se**/4 ]Ɋ& =!X4/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b42b15ef-7cd0-4bb1-940d-9a0607ecb096 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=78**04 ]Ɋ& 5!X40 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b42b15ef-7cd0-4bb1-940d-9a0607ecb096 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**14 ]Ɋ& 5!X41 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b42b15ef-7cd0-4bb1-940d-9a0607ecb096 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP**24 ]Ɋ& 7!X42 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b42b15ef-7cd0-4bb1-940d-9a0607ecb096 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnk3b3bU[?IuMu=VysMc&&**83w͂ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !w͂3 F&F%g>9{p(xlMD EventDatauoData !BinarydAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b42b15ef-7cd0-4bb1-940d-9a0607ecb096 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=64115f3d-e003-4a11-b9fd-71627b2df8e5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dP8**@4f ]Ɋ& !f4 F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b42b15ef-7cd0-4bb1-940d-9a0607ecb096 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=64115f3d-e003-4a11-b9fd-71627b2df8e5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=neI@**X5 ]Ɋ& !X5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cb5d212d-b0f5-4d23-bb2f-800f4fdc8863 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nspX**p6 ]Ɋ& !X6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cb5d212d-b0f5-4d23-bb2f-800f4fdc8863 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=p**h7 ]Ɋ& !X7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cb5d212d-b0f5-4d23-bb2f-800f4fdc8863 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ih**`8 ]Ɋ& !X8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cb5d212d-b0f5-4d23-bb2f-800f4fdc8863 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l`**`9 ]Ɋ& !X9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cb5d212d-b0f5-4d23-bb2f-800f4fdc8863 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m`**h: ]Ɋ& !X: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cb5d212d-b0f5-4d23-bb2f-800f4fdc8863 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Commh**; ]Ɋ&  !; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cb5d212d-b0f5-4d23-bb2f-800f4fdc8863 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cc02299a-6388-48cc-b830-507d740f044f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**< ]Ɋ& !< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cb5d212d-b0f5-4d23-bb2f-800f4fdc8863 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cc02299a-6388-48cc-b830-507d740f044f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8= ]Ɋ& !X= F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0f5f26f7-7d1b-42b4-9ed3-6a526bdcb887 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me8**P> ]Ɋ& !X> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0f5f26f7-7d1b-42b4-9ed3-6a526bdcb887 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=amP**P? ]Ɋ& !X? F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0f5f26f7-7d1b-42b4-9ed3-6a526bdcb887 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=andTP**H@ ]Ɋ& !X@ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0f5f26f7-7d1b-42b4-9ed3-6a526bdcb887 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommaH**HA ]Ɋ& !XA F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0f5f26f7-7d1b-42b4-9ed3-6a526bdcb887 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=elinH**HB ]Ɋ& !XB F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0f5f26f7-7d1b-42b4-9ed3-6a526bdcb887 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceIH**C ]Ɋ& !C F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0f5f26f7-7d1b-42b4-9ed3-6a526bdcb887 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8344bbde-ecda-4597-87e5-6a7171ff2e62 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndN**D ]Ɋ& !D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0f5f26f7-7d1b-42b4-9ed3-6a526bdcb887 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8344bbde-ecda-4597-87e5-6a7171ff2e62 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **XE; ]Ɋ& !X;E F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ebe01984-2f71-4da4-9f42-f5b8905e3936 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==2ecX**pF; ]Ɋ& !X;F F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ebe01984-2f71-4da4-9f42-f5b8905e3936 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izatp**hG; ]Ɋ& !X;G F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ebe01984-2f71-4da4-9f42-f5b8905e3936 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=seh**`H; ]Ɋ& !X;H F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ebe01984-2f71-4da4-9f42-f5b8905e3936 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0`**`I; ]Ɋ& !X;I F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ebe01984-2f71-4da4-9f42-f5b8905e3936 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ov`**`J; ]Ɋ& !X;J F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ebe01984-2f71-4da4-9f42-f5b8905e3936 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**K; ]Ɋ& !;K F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ebe01984-2f71-4da4-9f42-f5b8905e3936 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1fd31db4-6cea-4d90-a092-d6dd03697653 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**L; ]Ɋ& !;L F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ebe01984-2f71-4da4-9f42-f5b8905e3936 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1fd31db4-6cea-4d90-a092-d6dd03697653 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ine**(M; ]Ɋ& !X;M F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8aab1406-76df-45b6-96cd-348515a4eb74 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@N; ]Ɋ& !X;N F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8aab1406-76df-45b6-96cd-348515a4eb74 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o@**@O; ]Ɋ& !X;O F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8aab1406-76df-45b6-96cd-348515a4eb74 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=spl@**8P; ]Ɋ& !X;P F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8aab1406-76df-45b6-96cd-348515a4eb74 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tur8**8Q; ]Ɋ& !X;Q F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8aab1406-76df-45b6-96cd-348515a4eb74 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sta8**8R; ]Ɋ& !X;R F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8aab1406-76df-45b6-96cd-348515a4eb74 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**S; ]Ɋ& !;S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8aab1406-76df-45b6-96cd-348515a4eb74 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b8758e2e-20fa-416f-84e2-73afb0ab61ce PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ru**T/ ]Ɋ& !/T F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8aab1406-76df-45b6-96cd-348515a4eb74 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b8758e2e-20fa-416f-84e2-73afb0ab61ce PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion.**XU ]Ɋ& !XU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c304d8c4-906c-45b7-b8df-85e50e5b93e7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=aX**pV ]Ɋ& !XV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c304d8c4-906c-45b7-b8df-85e50e5b93e7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=zp**pW ]Ɋ& !XW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c304d8c4-906c-45b7-b8df-85e50e5b93e7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tiep**hX ]Ɋ& !XX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c304d8c4-906c-45b7-b8df-85e50e5b93e7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eInh**hY ]Ɋ& !XY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c304d8c4-906c-45b7-b8df-85e50e5b93e7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sorh**hZ ]Ɋ& !XZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c304d8c4-906c-45b7-b8df-85e50e5b93e7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**[ ]Ɋ&  ![ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c304d8c4-906c-45b7-b8df-85e50e5b93e7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a5433ef9-cf06-492a-adfd-dbdc6282062c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**\* ]Ɋ& !*\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c304d8c4-906c-45b7-b8df-85e50e5b93e7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a5433ef9-cf06-492a-adfd-dbdc6282062c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Var**]* ]Ɋ& '!X*] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0bfd214a-c874-436d-9a61-9f2c5ed5b554 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**^* ]Ɋ& ?!X*^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0bfd214a-c874-436d-9a61-9f2c5ed5b554 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**_* ]Ɋ& ;!X*_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0bfd214a-c874-436d-9a61-9f2c5ed5b554 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**`* ]Ɋ& 3!X*` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0bfd214a-c874-436d-9a61-9f2c5ed5b554 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wer**a* ]Ɋ& 3!X*a F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0bfd214a-c874-436d-9a61-9f2c5ed5b554 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**b* ]Ɋ& 5!X*b F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0bfd214a-c874-436d-9a61-9f2c5ed5b554 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-tFirewallPro ]Ɋ& 35*c F&d= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP**24 ]Ɋ& 7!X42 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b42b15ef-7cd0-4bb1-940d-9a0607ecb096 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnkccH|89nMu=VysMc&&**8 c* ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !*c F&F%g>9{p(xlMD EventDatauoData !BinarybAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0bfd214a-c874-436d-9a61-9f2c5ed5b554 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=fae90d1e-c81c-46eb-a7ed-d3b257532d45 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f-78 **@d[ ]Ɋ& ![d F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0bfd214a-c874-436d-9a61-9f2c5ed5b554 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=fae90d1e-c81c-46eb-a7ed-d3b257532d45 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Scri@**el6: ]Ɋ& )!Xl6:e F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c9e9b06e-a1bc-446c-8a00-cb0cf68f965c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eng**fl6: ]Ɋ& A!Xl6:f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c9e9b06e-a1bc-446c-8a00-cb0cf68f965c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uct **gl6: ]Ɋ& =!Xl6:g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c9e9b06e-a1bc-446c-8a00-cb0cf68f965c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **hl6: ]Ɋ& 5!Xl6:h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c9e9b06e-a1bc-446c-8a00-cb0cf68f965c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=23**il6: ]Ɋ& 5!Xl6:i F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c9e9b06e-a1bc-446c-8a00-cb0cf68f965c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**jl6: ]Ɋ& 7!Xl6:j F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c9e9b06e-a1bc-446c-8a00-cb0cf68f965c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**0kl6: ]Ɋ& !l6:k F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c9e9b06e-a1bc-446c-8a00-cb0cf68f965c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b001ed4c-c4ed-4c03-93a0-5d908759434b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@lg: ]Ɋ& !g:l F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c9e9b06e-a1bc-446c-8a00-cb0cf68f965c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b001ed4c-c4ed-4c03-93a0-5d908759434b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Lin@**Xmg: ]Ɋ& !Xg:m F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=53a7e2b8-1105-440b-98db-599f7a4442ca HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=>X**png: ]Ɋ& !Xg:n F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=53a7e2b8-1105-440b-98db-599f7a4442ca HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hog: ]Ɋ& !Xg:o F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=53a7e2b8-1105-440b-98db-599f7a4442ca HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`pg: ]Ɋ& !Xg:p F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=53a7e2b8-1105-440b-98db-599f7a4442ca HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`qg: ]Ɋ& !Xg:q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=53a7e2b8-1105-440b-98db-599f7a4442ca HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hrg: ]Ɋ& !Xg:r F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=53a7e2b8-1105-440b-98db-599f7a4442ca HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**s/: ]Ɋ&  !/:s F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=53a7e2b8-1105-440b-98db-599f7a4442ca HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e72b3ca5-3396-494a-8f5e-42e667454cbe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&**t/: ]Ɋ& !/:t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=53a7e2b8-1105-440b-98db-599f7a4442ca HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e72b3ca5-3396-494a-8f5e-42e667454cbe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ar**8u/: ]Ɋ& !X/:u F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ce0be298-35c4-40af-9c90-6a4a96fccc99 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**Pv/: ]Ɋ& !X/:v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ce0be298-35c4-40af-9c90-6a4a96fccc99 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Pw/: ]Ɋ& !X/:w F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ce0be298-35c4-40af-9c90-6a4a96fccc99 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!P**Hx/: ]Ɋ& !X/:x F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ce0be298-35c4-40af-9c90-6a4a96fccc99 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Hy/: ]Ɋ& !X/:y F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ce0be298-35c4-40af-9c90-6a4a96fccc99 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Hz/: ]Ɋ& !X/:z F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ce0be298-35c4-40af-9c90-6a4a96fccc99 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**{/: ]Ɋ& !/:{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ce0be298-35c4-40af-9c90-6a4a96fccc99 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=31399741-4019-4752-9a82-5411ba38ab9f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**|Ƙ: ]Ɋ& !Ƙ:| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ce0be298-35c4-40af-9c90-6a4a96fccc99 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=31399741-4019-4752-9a82-5411ba38ab9f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**X}Ƙ: ]Ɋ& !XƘ:} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=108a5f92-54cf-4c4a-b54c-8ecd703e0d22 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**p~Ƙ: ]Ɋ& !XƘ:~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=108a5f92-54cf-4c4a-b54c-8ecd703e0d22 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ureIp**hƘ: ]Ɋ& !XƘ: F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=108a5f92-54cf-4c4a-b54c-8ecd703e0d22 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sth**`Ƙ: ]Ɋ& !XƘ: F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=108a5f92-54cf-4c4a-b54c-8ecd703e0d22 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=14`**`Ƙ: ]Ɋ& !XƘ: F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=108a5f92-54cf-4c4a-b54c-8ecd703e0d22 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr`**`Ƙ: ]Ɋ& !XƘ: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=108a5f92-54cf-4c4a-b54c-8ecd703e0d22 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**Ƙ: ]Ɋ& !Ƙ: F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=108a5f92-54cf-4c4a-b54c-8ecd703e0d22 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1a7a713c-9c48-46ab-8618-f7380b30b620 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N**Ƙ: ]Ɋ& !Ƙ: F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=108a5f92-54cf-4c4a-b54c-8ecd703e0d22 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1a7a713c-9c48-46ab-8618-f7380b30b620 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= R**(Ƙ: ]Ɋ& !XƘ: F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=92192fb1-8aa0-4c0f-9f49-f740e41921da HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l(**@Ƙ: ]Ɋ& !XƘ: F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=92192fb1-8aa0-4c0f-9f49-f740e41921da HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p@**@Ƙ: ]Ɋ& !XƘ: F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=92192fb1-8aa0-4c0f-9f49-f740e41921da HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=KLM@**8Ƙ: ]Ɋ& !XƘ: F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=92192fb1-8aa0-4c0f-9f49-f740e41921da HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=enc8**8Ƙ: ]Ɋ& !XƘ: F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=92192fb1-8aa0-4c0f-9f49-f740e41921da HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8Ƙ: ]Ɋ& !XƘ: F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=92192fb1-8aa0-4c0f-9f49-f740e41921da HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=558**\1: ]Ɋ& !\1: F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=92192fb1-8aa0-4c0f-9f49-f740e41921da HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=c36bbf8e-f2b7-4e58-b52c-a61b125a9c86 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=']**ɓ: ]Ɋ& !ɓ: F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=92192fb1-8aa0-4c0f-9f49-f740e41921da HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=c36bbf8e-f2b7-4e58-b52c-a61b125a9c86 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yNam**X: ]Ɋ& !X: F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e371b6ee-0031-417e-9a82-26e85dde373f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=DX**p: ]Ɋ& !X: F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e371b6ee-0031-417e-9a82-26e85dde373f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**p: ]Ɋ& !X: F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e371b6ee-0031-417e-9a82-26e85dde373f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n,Hp**h: ]Ɋ& !X: F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e371b6ee-0031-417e-9a82-26e85dde373f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=_.ph**h: ]Ɋ& !X: F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e371b6ee-0031-417e-9a82-26e85dde373f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Culh**h: ]Ɋ& !X: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e371b6ee-0031-417e-9a82-26e85dde373f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Sh**: ]Ɋ&  !: F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e371b6ee-0031-417e-9a82-26e85dde373f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5b61f281-a305-4499-9265-bc7b97a65c28 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pe**M,: ]Ɋ& !M,: F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e371b6ee-0031-417e-9a82-26e85dde373f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5b61f281-a305-4499-9265-bc7b97a65c28 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=35* ]Ɋ&  CXĖ: F&ommandPath= CommandLine=wP**24 ]Ɋ& 7!X42 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b42b15ef-7cd0-4bb1-940d-9a0607ecb096 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnk(?6$c"NMu=VysMc&&** Ė: ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !XĖ: F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2d248ce9-d9dd-4548-b3e9-668200fb571a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **Ė: ]Ɋ& ?!XĖ: F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2d248ce9-d9dd-4548-b3e9-668200fb571a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Ė: ]Ɋ& ;!XĖ: F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2d248ce9-d9dd-4548-b3e9-668200fb571a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d **Ė: ]Ɋ& 3!XĖ: F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2d248ce9-d9dd-4548-b3e9-668200fb571a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id=**Ė: ]Ɋ& 3!XĖ: F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2d248ce9-d9dd-4548-b3e9-668200fb571a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=enc**Ė: ]Ɋ& 5!XĖ: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2d248ce9-d9dd-4548-b3e9-668200fb571a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=**0Ė: ]Ɋ& !Ė: F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2d248ce9-d9dd-4548-b3e9-668200fb571a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=c38e0b2f-886d-4735-9241-07181c3a8da8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==10**@z]: ]Ɋ& !z]: F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2d248ce9-d9dd-4548-b3e9-668200fb571a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=c38e0b2f-886d-4735-9241-07181c3a8da8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on= @**t ]Ɋ& )!Xt F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7b6241d6-3ae9-4582-91d3-fa4a28a705e9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oduc**t ]Ɋ& A!Xt F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7b6241d6-3ae9-4582-91d3-fa4a28a705e9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nsta**t ]Ɋ& =!Xt F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7b6241d6-3ae9-4582-91d3-fa4a28a705e9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0b**t ]Ɋ& 5!Xt F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7b6241d6-3ae9-4582-91d3-fa4a28a705e9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**t ]Ɋ& 5!Xt F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7b6241d6-3ae9-4582-91d3-fa4a28a705e9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**t ]Ɋ& 7!Xt F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7b6241d6-3ae9-4582-91d3-fa4a28a705e9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0t ]Ɋ& !t F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7b6241d6-3ae9-4582-91d3-fa4a28a705e9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=91c6a27c-b813-4ede-9778-371cf5a39034 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==0**@u ]Ɋ& !u F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7b6241d6-3ae9-4582-91d3-fa4a28a705e9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=91c6a27c-b813-4ede-9778-371cf5a39034 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mma@**Xu ]Ɋ& !Xu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3efa07d1-be2b-4f06-8e98-b5e39c71810f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manX**pu ]Ɋ& !Xu F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3efa07d1-be2b-4f06-8e98-b5e39c71810f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNp**hu ]Ɋ& !Xu F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3efa07d1-be2b-4f06-8e98-b5e39c71810f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dh**`u ]Ɋ& !Xu F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3efa07d1-be2b-4f06-8e98-b5e39c71810f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m`**`u ]Ɋ& !Xu F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3efa07d1-be2b-4f06-8e98-b5e39c71810f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hu ]Ɋ& !Xu F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3efa07d1-be2b-4f06-8e98-b5e39c71810f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=/h**u ]Ɋ&  !u F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3efa07d1-be2b-4f06-8e98-b5e39c71810f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0bd19221-b378-4c6a-b6e0-8f5df94016bd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**u ]Ɋ& !u F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3efa07d1-be2b-4f06-8e98-b5e39c71810f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0bd19221-b378-4c6a-b6e0-8f5df94016bd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8^v ]Ɋ& !X^v F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b7fdbe97-23fa-418c-a834-becd4aa6675e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P^v ]Ɋ& !X^v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b7fdbe97-23fa-418c-a834-becd4aa6675e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ƘP**P^v ]Ɋ& !X^v F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b7fdbe97-23fa-418c-a834-becd4aa6675e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stP**H^v ]Ɋ& !X^v F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b7fdbe97-23fa-418c-a834-becd4aa6675e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmanH**H^v ]Ɋ& !X^v F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b7fdbe97-23fa-418c-a834-becd4aa6675e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndPaH**H^v ]Ɋ& !X^v F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b7fdbe97-23fa-418c-a834-becd4aa6675e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ameH**^v ]Ɋ& !^v F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b7fdbe97-23fa-418c-a834-becd4aa6675e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=91985db6-1e47-440b-bb4f-12307d655630 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **^v ]Ɋ& !^v F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b7fdbe97-23fa-418c-a834-becd4aa6675e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=91985db6-1e47-440b-bb4f-12307d655630 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **X^v ]Ɋ& !X^v F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dc5ab88e-921e-46ba-8fcb-495e54aebdb3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sortX**p^v ]Ɋ& !X^v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dc5ab88e-921e-46ba-8fcb-495e54aebdb3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=se.pp**h^v ]Ɋ& !X^v F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dc5ab88e-921e-46ba-8fcb-495e54aebdb3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cah**`^v ]Ɋ& !X^v F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dc5ab88e-921e-46ba-8fcb-495e54aebdb3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um`**`^v ]Ɋ& !X^v F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dc5ab88e-921e-46ba-8fcb-495e54aebdb3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`^v ]Ɋ& !X^v F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dc5ab88e-921e-46ba-8fcb-495e54aebdb3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**^v ]Ɋ& !^v F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dc5ab88e-921e-46ba-8fcb-495e54aebdb3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=83428feb-3d3a-42c4-bc16-defd5d78214c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=R**^v ]Ɋ& !^v F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dc5ab88e-921e-46ba-8fcb-495e54aebdb3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=83428feb-3d3a-42c4-bc16-defd5d78214c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=obj**(-w ]Ɋ& !X-w F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=239c6a03-bd42-489f-8e4f-97f7e22a2723 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(**@-w ]Ɋ& !X-w F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=239c6a03-bd42-489f-8e4f-97f7e22a2723 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c@**@-w ]Ɋ& !X-w F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=239c6a03-bd42-489f-8e4f-97f7e22a2723 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6e8@**8-w ]Ɋ& !X-w F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=239c6a03-bd42-489f-8e4f-97f7e22a2723 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ted8**8-w ]Ɋ& !X-w F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=239c6a03-bd42-489f-8e4f-97f7e22a2723 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tNa8**8-w ]Ɋ& !X-w F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=239c6a03-bd42-489f-8e4f-97f7e22a2723 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ge8**-w ]Ɋ& !-w F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=239c6a03-bd42-489f-8e4f-97f7e22a2723 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=c2e6107c-4600-448c-9deb-9a4e322d98d9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=al**w ]Ɋ& !w F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=239c6a03-bd42-489f-8e4f-97f7e22a2723 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=c2e6107c-4600-448c-9deb-9a4e322d98d9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=432N**XOy ]Ɋ& !XOy F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=da27c533-e325-457d-add8-08c541e522fd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=EX**pOy ]Ɋ& !XOy F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=da27c533-e325-457d-add8-08c541e522fd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cp**pOy ]Ɋ& !XOy F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=da27c533-e325-457d-add8-08c541e522fd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=pnsoleHost  ]Ɋ& d-XOy F&n=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnk(}Mu=VysMc&&**h Oy ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! K!XOy F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=da27c533-e325-457d-add8-08c541e522fd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h **hOy ]Ɋ& !XOy F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=da27c533-e325-457d-add8-08c541e522fd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leSh**hOy ]Ɋ& !XOy F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=da27c533-e325-457d-add8-08c541e522fd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Ch**Oy ]Ɋ&  !Oy F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=da27c533-e325-457d-add8-08c541e522fd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0a7f76f9-b74e-4c0f-9e2e-eff4a73c7034 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-**(z ]Ɋ& !(z F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=da27c533-e325-457d-add8-08c541e522fd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0a7f76f9-b74e-4c0f-9e2e-eff4a73c7034 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Inst**#} ]Ɋ& '!X#} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c5ca0969-57b1-4560-b001-c1737dc48fbb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=,**#} ]Ɋ& ?!X#} F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c5ca0969-57b1-4560-b001-c1737dc48fbb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**#} ]Ɋ& ;!X#} F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c5ca0969-57b1-4560-b001-c1737dc48fbb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nab**#} ]Ɋ& 3!X#} F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c5ca0969-57b1-4560-b001-c1737dc48fbb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**#} ]Ɋ& 3!X#} F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c5ca0969-57b1-4560-b001-c1737dc48fbb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ble**#} ]Ɋ& 5!X#} F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c5ca0969-57b1-4560-b001-c1737dc48fbb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ab**0#} ]Ɋ& !#} F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c5ca0969-57b1-4560-b001-c1737dc48fbb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=44f2a42b-682f-41bf-b684-a15a4ee94487 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ns0**@U~ ]Ɋ& !U~ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c5ca0969-57b1-4560-b001-c1737dc48fbb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=44f2a42b-682f-41bf-b684-a15a4ee94487 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=vide@**  ]Ɋ& )!X  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d6854033-def5-4fc1-8791-99a424dd8453 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**  ]Ɋ& A!X  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d6854033-def5-4fc1-8791-99a424dd8453 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Line**  ]Ɋ& =!X  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d6854033-def5-4fc1-8791-99a424dd8453 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mm**  ]Ɋ& 5!X  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d6854033-def5-4fc1-8791-99a424dd8453 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g **  ]Ɋ& 5!X  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d6854033-def5-4fc1-8791-99a424dd8453 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Na**  ]Ɋ& 7!X  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d6854033-def5-4fc1-8791-99a424dd8453 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**0  ]Ɋ& !  F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d6854033-def5-4fc1-8791-99a424dd8453 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=230b6e33-e971-4d23-8e01-57d73a26305e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=30**@  ]Ɋ& !  F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d6854033-def5-4fc1-8791-99a424dd8453 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=230b6e33-e971-4d23-8e01-57d73a26305e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=C@**X  ]Ɋ& !X  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=658cb9d6-9082-41ae-a5c3-982dcea3528a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=artX**p  ]Ɋ& !X  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=658cb9d6-9082-41ae-a5c3-982dcea3528a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceNp**h  ]Ɋ& !X  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=658cb9d6-9082-41ae-a5c3-982dcea3528a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oh**`  ]Ɋ& !X  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=658cb9d6-9082-41ae-a5c3-982dcea3528a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o`**`  ]Ɋ& !X  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=658cb9d6-9082-41ae-a5c3-982dcea3528a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s`**h  ]Ɋ& !X  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=658cb9d6-9082-41ae-a5c3-982dcea3528a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 h**  ]Ɋ&  !  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=658cb9d6-9082-41ae-a5c3-982dcea3528a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b5f75eda-3a49-40b9-ac09-9efddc2fd827 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ppli**Sz  ]Ɋ& !Sz  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=658cb9d6-9082-41ae-a5c3-982dcea3528a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b5f75eda-3a49-40b9-ac09-9efddc2fd827 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**8Sz  ]Ɋ& !XSz  F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c2bbb426-f4c2-4863-9046-63e28cb07176 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b-8**PSz  ]Ɋ& !XSz  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c2bbb426-f4c2-4863-9046-63e28cb07176 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8eP**PSz  ]Ɋ& !XSz  F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c2bbb426-f4c2-4863-9046-63e28cb07176 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HP**HSz  ]Ɋ& !XSz  F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c2bbb426-f4c2-4863-9046-63e28cb07176 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tVerH**HSz  ]Ɋ& !XSz  F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c2bbb426-f4c2-4863-9046-63e28cb07176 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leHoH**HSz  ]Ɋ& !XSz  F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c2bbb426-f4c2-4863-9046-63e28cb07176 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stNH**Sz  ]Ɋ& !Sz  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c2bbb426-f4c2-4863-9046-63e28cb07176 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fb7d824a-1195-4039-a958-83a8be97d5b3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rsi**Sz  ]Ɋ& !Sz  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c2bbb426-f4c2-4863-9046-63e28cb07176 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fb7d824a-1195-4039-a958-83a8be97d5b3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**XSz  ]Ɋ& !XSz  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=43ad4095-c61f-4cec-94e8-e44eb920aa81 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SX**pSz  ]Ɋ& !XSz  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=43ad4095-c61f-4cec-94e8-e44eb920aa81 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hSz  ]Ɋ& !XSz  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=43ad4095-c61f-4cec-94e8-e44eb920aa81 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=meh**`Sz  ]Ɋ& !XSz  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=43ad4095-c61f-4cec-94e8-e44eb920aa81 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| `**`Sz  ]Ɋ& !XSz  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=43ad4095-c61f-4cec-94e8-e44eb920aa81 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ll`**`Sz  ]Ɋ& !XSz  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=43ad4095-c61f-4cec-94e8-e44eb920aa81 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**Sz  ]Ɋ& !Sz  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=43ad4095-c61f-4cec-94e8-e44eb920aa81 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=66c0ac89-7980-4a5b-920f-bc5616b25a44 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**  ]Ɋ& !  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=43ad4095-c61f-4cec-94e8-e44eb920aa81 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=66c0ac89-7980-4a5b-920f-bc5616b25a44 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uen**(  ]Ɋ& !X  F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=532c918a-35f1-45c1-b73c-a7ee451c2b0e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t(**@  ]Ɋ& !X  F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=532c918a-35f1-45c1-b73c-a7ee451c2b0e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@  ]Ɋ& !X  F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=532c918a-35f1-45c1-b73c-a7ee451c2b0e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mma@**8  ]Ɋ& !X  F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=532c918a-35f1-45c1-b73c-a7ee451c2b0e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=liz8**8  ]Ɋ& !X  F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=532c918a-35f1-45c1-b73c-a7ee451c2b0e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nin8**8  ]Ɋ& !X  F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=532c918a-35f1-45c1-b73c-a7ee451c2b0e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8F& ElfChnk,,@:KWԹ Mu=VysMc&&**   ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! m!  F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=532c918a-35f1-45c1-b73c-a7ee451c2b0e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=57c99318-71a0-4ee8-b74d-7df0e00f1b3d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sio **  ]Ɋ& !  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=532c918a-35f1-45c1-b73c-a7ee451c2b0e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=57c99318-71a0-4ee8-b74d-7df0e00f1b3d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izat**XCu  ]Ɋ& !XCu  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=717799cd-8b40-4789-be4e-25017af2a0b5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=GX**pCu  ]Ɋ& !XCu  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=717799cd-8b40-4789-be4e-25017af2a0b5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bp**pCu  ]Ɋ& !XCu  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=717799cd-8b40-4789-be4e-25017af2a0b5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=opep**hCu  ]Ɋ& !XCu  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=717799cd-8b40-4789-be4e-25017af2a0b5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ltuh**hCu  ]Ɋ& !XCu  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=717799cd-8b40-4789-be4e-25017af2a0b5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5 |h**hCu  ]Ɋ& !XCu  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=717799cd-8b40-4789-be4e-25017af2a0b5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Idh**Cu  ]Ɋ&  !Cu  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=717799cd-8b40-4789-be4e-25017af2a0b5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6abdbd82-d81c-41bc-a570-bdfd8203f7f6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=#}**p  ]Ɋ& !p  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=717799cd-8b40-4789-be4e-25017af2a0b5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6abdbd82-d81c-41bc-a570-bdfd8203f7f6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**p  ]Ɋ& '!Xp  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1effdd92-b155-4d3e-8996-9f3901645791 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g**p  ]Ɋ& ?!Xp  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1effdd92-b155-4d3e-8996-9f3901645791 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**p  ]Ɋ& ;!Xp  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1effdd92-b155-4d3e-8996-9f3901645791 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**p  ]Ɋ& 3!Xp  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1effdd92-b155-4d3e-8996-9f3901645791 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=p** p  ]Ɋ& 3!Xp   F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1effdd92-b155-4d3e-8996-9f3901645791 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** p  ]Ɋ& 5!Xp   F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1effdd92-b155-4d3e-8996-9f3901645791 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l **0 p  ]Ɋ& !p   F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1effdd92-b155-4d3e-8996-9f3901645791 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=809279a2-1171-447a-89a4-b560a7b36b58 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=la0**@ ױ  ]Ɋ& !ױ   F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1effdd92-b155-4d3e-8996-9f3901645791 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=809279a2-1171-447a-89a4-b560a7b36b58 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng -@** =M  ]Ɋ& )!X=M   F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6e8e2d4f-4beb-4890-8d3a-84dfa6a18070 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e -N**=M  ]Ɋ& A!X=M  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6e8e2d4f-4beb-4890-8d3a-84dfa6a18070 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ae-a**=M  ]Ɋ& =!X=M  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6e8e2d4f-4beb-4890-8d3a-84dfa6a18070 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**=M  ]Ɋ& 5!X=M  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6e8e2d4f-4beb-4890-8d3a-84dfa6a18070 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**=M  ]Ɋ& 5!X=M  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6e8e2d4f-4beb-4890-8d3a-84dfa6a18070 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**=M  ]Ɋ& 7!X=M  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6e8e2d4f-4beb-4890-8d3a-84dfa6a18070 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s**0=M  ]Ɋ& !=M  F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6e8e2d4f-4beb-4890-8d3a-84dfa6a18070 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=65dba4c2-657d-4b16-911e-c064c1a0bcc5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d0**@jM  ]Ɋ& !jM  F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6e8e2d4f-4beb-4890-8d3a-84dfa6a18070 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=65dba4c2-657d-4b16-911e-c064c1a0bcc5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pel@**XjM  ]Ɋ& !XjM  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=484c8ea5-e137-4351-a1fd-de3f4510d7fc HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RX**pjM  ]Ɋ& !XjM  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=484c8ea5-e137-4351-a1fd-de3f4510d7fc HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ersp**hjM  ]Ɋ& !XjM  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=484c8ea5-e137-4351-a1fd-de3f4510d7fc HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ph**`jM  ]Ɋ& !XjM  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=484c8ea5-e137-4351-a1fd-de3f4510d7fc HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P`**`jM  ]Ɋ& !XjM  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=484c8ea5-e137-4351-a1fd-de3f4510d7fc HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**hjM  ]Ɋ& !XjM  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=484c8ea5-e137-4351-a1fd-de3f4510d7fc HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== h**jM  ]Ɋ&  !jM  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=484c8ea5-e137-4351-a1fd-de3f4510d7fc HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=992ce900-79e4-4f9a-bc02-2d826b346160 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Line**M  ]Ɋ& !M  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=484c8ea5-e137-4351-a1fd-de3f4510d7fc HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=992ce900-79e4-4f9a-bc02-2d826b346160 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sz**8M  ]Ɋ& !XM  F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3a8eec71-be42-40b8-836b-0b0b2d7f1abe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pt8**PM  ]Ɋ& !XM  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3a8eec71-be42-40b8-836b-0b0b2d7f1abe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ipP**PM  ]Ɋ& !XM  F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3a8eec71-be42-40b8-836b-0b0b2d7f1abe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=CommP**H M  ]Ɋ& !XM   F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3a8eec71-be42-40b8-836b-0b0b2d7f1abe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CH**H!M  ]Ɋ& !XM ! F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3a8eec71-be42-40b8-836b-0b0b2d7f1abe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= PipH**H"M  ]Ɋ& !XM " F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3a8eec71-be42-40b8-836b-0b0b2d7f1abe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nspH**#M  ]Ɋ& !M # F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3a8eec71-be42-40b8-836b-0b0b2d7f1abe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=dba889ad-966f-4167-9f2f-756cf60e36f1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm**$M  ]Ɋ& !M $ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3a8eec71-be42-40b8-836b-0b0b2d7f1abe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=dba889ad-966f-4167-9f2f-756cf60e36f1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**X%3M  ]Ɋ& !X3M % F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2841273d-bda4-4aa9-b764-6833e2992e77 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceIdX**p&3M  ]Ɋ& !X3M & F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2841273d-bda4-4aa9-b764-6833e2992e77 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=obalp**h'3M  ]Ɋ& !X3M ' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2841273d-bda4-4aa9-b764-6833e2992e77 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=x h**`(3M  ]Ɋ& !X3M ( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2841273d-bda4-4aa9-b764-6833e2992e77 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on`**`)3M  ]Ɋ& !X3M ) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2841273d-bda4-4aa9-b764-6833e2992e77 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`*3M  ]Ɋ& !X3M * F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2841273d-bda4-4aa9-b764-6833e2992e77 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**+3M  ]Ɋ& !3M + F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2841273d-bda4-4aa9-b764-6833e2992e77 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=73b94c9f-5ed4-4cde-a54f-bbef8211714f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**,3M  ]Ɋ& !3M , F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2841273d-bda4-4aa9-b764-6833e2992e77 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=73b94c9f-5ed4-4cde-a54f-bbef8211714f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= EnneVersion=  ]Ɋ& maX3M - F&ndPath= CommandLine=8F& ElfChnk-]-]h%?Mu=VysMc&&**0 -3M  ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X3M - F&F%g>9{p(xlMD EventDatauoData !Binary\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=483028df-3ca4-4791-85da-6e72fea2a92d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0 **@.3M  ]Ɋ& !X3M . F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=483028df-3ca4-4791-85da-6e72fea2a92d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P@**@/3M  ]Ɋ& !X3M / F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=483028df-3ca4-4791-85da-6e72fea2a92d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lue@**803M  ]Ɋ& !X3M 0 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=483028df-3ca4-4791-85da-6e72fea2a92d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndo8**813M  ]Ɋ& !X3M 1 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=483028df-3ca4-4791-85da-6e72fea2a92d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5 8**823M  ]Ɋ& !X3M 2 F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=483028df-3ca4-4791-85da-6e72fea2a92d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er8**33M  ]Ɋ& !3M 3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=483028df-3ca4-4791-85da-6e72fea2a92d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=0e3eb75f-f9a3-430e-8ebc-1920bc40c210 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cu**4dM  ]Ɋ& !dM 4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=483028df-3ca4-4791-85da-6e72fea2a92d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=0e3eb75f-f9a3-430e-8ebc-1920bc40c210 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **X5.M  ]Ɋ& !X.M 5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=65c672e7-720f-4e7d-82d8-e9163d0e0496 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pX**p6.M  ]Ɋ& !X.M 6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=65c672e7-720f-4e7d-82d8-e9163d0e0496 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**p7.M  ]Ɋ& !X.M 7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=65c672e7-720f-4e7d-82d8-e9163d0e0496 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rinp**h8.M  ]Ɋ& !X.M 8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=65c672e7-720f-4e7d-82d8-e9163d0e0496 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**h9.M  ]Ɋ& !X.M 9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=65c672e7-720f-4e7d-82d8-e9163d0e0496 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ipth**h:.M  ]Ɋ& !X.M : F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=65c672e7-720f-4e7d-82d8-e9163d0e0496 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**;.M  ]Ɋ&  !.M ; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=65c672e7-720f-4e7d-82d8-e9163d0e0496 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ae45ade5-8e0b-41bf-98b5-f80bba6cf5b6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eg**<M  ]Ɋ& !M < F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=65c672e7-720f-4e7d-82d8-e9163d0e0496 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ae45ade5-8e0b-41bf-98b5-f80bba6cf5b6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d92-**=_M  ]Ɋ& '!X_M = F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=51642ada-51dc-4fac-9427-dbf2c7be5406 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**>_M  ]Ɋ& ?!X_M > F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=51642ada-51dc-4fac-9427-dbf2c7be5406 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**?_M  ]Ɋ& ;!X_M ? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=51642ada-51dc-4fac-9427-dbf2c7be5406 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d **@_M  ]Ɋ& 3!X_M @ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=51642ada-51dc-4fac-9427-dbf2c7be5406 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=neI**A_M  ]Ɋ& 3!X_M A F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=51642ada-51dc-4fac-9427-dbf2c7be5406 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **B_M  ]Ɋ& 5!X_M B F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=51642ada-51dc-4fac-9427-dbf2c7be5406 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma**0C_M  ]Ɋ& !_M C F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=51642ada-51dc-4fac-9427-dbf2c7be5406 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=11d7d112-4fae-4ab7-b183-6b3898e2d381 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=si0**@DKM  ]Ɋ& !KM D F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=51642ada-51dc-4fac-9427-dbf2c7be5406 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=11d7d112-4fae-4ab7-b183-6b3898e2d381 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand@**E(l ]Ɋ& )!X(lE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=76cde626-b193-4b6f-bc4c-310bad4d0948 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eng**F(l ]Ɋ& A!X(lF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=76cde626-b193-4b6f-bc4c-310bad4d0948 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oduc**G(l ]Ɋ& =!X(lG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=76cde626-b193-4b6f-bc4c-310bad4d0948 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mI**H(l ]Ɋ& 5!X(lH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=76cde626-b193-4b6f-bc4c-310bad4d0948 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-e**I(l ]Ɋ& 5!X(lI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=76cde626-b193-4b6f-bc4c-310bad4d0948 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=**J(l ]Ɋ& 7!X(lJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=76cde626-b193-4b6f-bc4c-310bad4d0948 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v**0K(l ]Ɋ& !(lK F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=76cde626-b193-4b6f-bc4c-310bad4d0948 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fb2009b3-2ed8-4e48-ba58-e89022eb2c65 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@L)Zl ]Ɋ& !)ZlL F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=76cde626-b193-4b6f-bc4c-310bad4d0948 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fb2009b3-2ed8-4e48-ba58-e89022eb2c65 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**XM)Zl ]Ɋ& !X)ZlM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6e6e2f96-8af3-4df6-a941-a13509517809 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= X**pN)Zl ]Ɋ& !X)ZlN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6e6e2f96-8af3-4df6-a941-a13509517809 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hO)Zl ]Ɋ& !X)ZlO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6e6e2f96-8af3-4df6-a941-a13509517809 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`P)Zl ]Ɋ& !X)ZlP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6e6e2f96-8af3-4df6-a941-a13509517809 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`Q)Zl ]Ɋ& !X)ZlQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6e6e2f96-8af3-4df6-a941-a13509517809 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hR)Zl ]Ɋ& !X)ZlR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6e6e2f96-8af3-4df6-a941-a13509517809 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**S)Zl ]Ɋ&  !)ZlS F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6e6e2f96-8af3-4df6-a941-a13509517809 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5262dd8a-43d2-4182-969a-e9977ec88e56 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=None**Tl ]Ɋ& !lT F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6e6e2f96-8af3-4df6-a941-a13509517809 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5262dd8a-43d2-4182-969a-e9977ec88e56 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=**8UVl ]Ɋ& !XVlU F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=77053fad-ab1b-4953-898a-fd2649dfe982 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=%8**PVVl ]Ɋ& !XVlV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=77053fad-ab1b-4953-898a-fd2649dfe982 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**PWVl ]Ɋ& !XVlW F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=77053fad-ab1b-4953-898a-fd2649dfe982 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**HXVl ]Ɋ& !XVlX F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=77053fad-ab1b-4953-898a-fd2649dfe982 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HYVl ]Ɋ& !XVlY F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=77053fad-ab1b-4953-898a-fd2649dfe982 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HZVl ]Ɋ& !XVlZ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=77053fad-ab1b-4953-898a-fd2649dfe982 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&H**[Vl ]Ɋ& !Vl[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=77053fad-ab1b-4953-898a-fd2649dfe982 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=86dce833-48f3-4b2a-a011-fe052d5208fa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**\Vl ]Ɋ& !Vl\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=77053fad-ab1b-4953-898a-fd2649dfe982 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=86dce833-48f3-4b2a-a011-fe052d5208fa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X]#l ]Ɋ& !X#l] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dedcfa60-2b35-4992-863e-b453c6a1d9ac HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mandXne= En ]Ɋ& X#l^ F& F&ndPath= CommandLine=8F& ElfChnk^^@?^PSMu=VysMc&&**p^#l ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! Q!X#l^ F&F%g>9{p(xlMD EventDatauoData !BinaryEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dedcfa60-2b35-4992-863e-b453c6a1d9ac HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ip**h_#l ]Ɋ& !X#l_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dedcfa60-2b35-4992-863e-b453c6a1d9ac HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o]h**``#l ]Ɋ& !X#l` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dedcfa60-2b35-4992-863e-b453c6a1d9ac HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=st`**`a#l ]Ɋ& !X#la F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dedcfa60-2b35-4992-863e-b453c6a1d9ac HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=28`**`b#l ]Ɋ& !X#lb F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dedcfa60-2b35-4992-863e-b453c6a1d9ac HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**c#l ]Ɋ& !#lc F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dedcfa60-2b35-4992-863e-b453c6a1d9ac HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=320490dc-90b9-4238-b6d6-e9618209b77e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**d#l ]Ɋ& !#ld F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dedcfa60-2b35-4992-863e-b453c6a1d9ac HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=320490dc-90b9-4238-b6d6-e9618209b77e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3**(e#l ]Ɋ& !X#le F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9e54fd00-0dcd-4cd4-b672-08442aad608a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N(**@f#l ]Ɋ& !X#lf F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9e54fd00-0dcd-4cd4-b672-08442aad608a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=I@**@g#l ]Ɋ& !X#lg F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9e54fd00-0dcd-4cd4-b672-08442aad608a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sys@**8h#l ]Ɋ& !X#lh F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9e54fd00-0dcd-4cd4-b672-08442aad608a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rre8**8i#l ]Ɋ& !X#li F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9e54fd00-0dcd-4cd4-b672-08442aad608a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=App8**8j#l ]Ɋ& !X#lj F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9e54fd00-0dcd-4cd4-b672-08442aad608a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=un8**k#l ]Ɋ& !#lk F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9e54fd00-0dcd-4cd4-b672-08442aad608a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=77ad393e-87ec-456e-8690-16cb42549556 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&**ll ]Ɋ& !ll F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9e54fd00-0dcd-4cd4-b672-08442aad608a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=77ad393e-87ec-456e-8690-16cb42549556 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=line**Xm7l ]Ɋ& !X7lm F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=756b9ca2-2208-45ce-ae92-49fa1d5aa2b1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pn7l ]Ɋ& !X7ln F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=756b9ca2-2208-45ce-ae92-49fa1d5aa2b1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ep**po7l ]Ɋ& !X7lo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=756b9ca2-2208-45ce-ae92-49fa1d5aa2b1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dthp**hp7l ]Ɋ& !X7lp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=756b9ca2-2208-45ce-ae92-49fa1d5aa2b1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=aceh**hq7l ]Ɋ& !X7lq F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=756b9ca2-2208-45ce-ae92-49fa1d5aa2b1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**hr7l ]Ɋ& !X7lr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=756b9ca2-2208-45ce-ae92-49fa1d5aa2b1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**s7l ]Ɋ&  !7ls F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=756b9ca2-2208-45ce-ae92-49fa1d5aa2b1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7fdeee4d-811a-43d8-ba3d-6da8246740ef PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **tl ]Ɋ& !lt F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=756b9ca2-2208-45ce-ae92-49fa1d5aa2b1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7fdeee4d-811a-43d8-ba3d-6da8246740ef PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-4fa**udl ]Ɋ& '!Xdlu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c3c562d9-5631-4b35-83f7-3a382344547e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**vdl ]Ɋ& ?!Xdlv F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c3c562d9-5631-4b35-83f7-3a382344547e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**wdl ]Ɋ& ;!Xdlw F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c3c562d9-5631-4b35-83f7-3a382344547e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=que**xdl ]Ɋ& 3!Xdlx F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c3c562d9-5631-4b35-83f7-3a382344547e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Com**ydl ]Ɋ& 3!Xdly F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c3c562d9-5631-4b35-83f7-3a382344547e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=enc**zdl ]Ɋ& 5!Xdlz F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c3c562d9-5631-4b35-83f7-3a382344547e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **0{dl ]Ɋ& !dl{ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c3c562d9-5631-4b35-83f7-3a382344547e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e47444de-f31e-461b-8360-f5c293c9a0de PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@|Jl ]Ɋ& !Jl| F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c3c562d9-5631-4b35-83f7-3a382344547e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e47444de-f31e-461b-8360-f5c293c9a0de PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== @**}i' ]Ɋ& )!Xi'} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=098607b5-74b6-4cde-99a5-5bf1242f952c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ersi**~i' ]Ɋ& A!Xi'~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=098607b5-74b6-4cde-99a5-5bf1242f952c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl d**i' ]Ɋ& =!Xi' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=098607b5-74b6-4cde-99a5-5bf1242f952c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **i' ]Ɋ& 5!Xi' F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=098607b5-74b6-4cde-99a5-5bf1242f952c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f6**i' ]Ɋ& 5!Xi' F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=098607b5-74b6-4cde-99a5-5bf1242f952c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**i' ]Ɋ& 7!Xi' F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=098607b5-74b6-4cde-99a5-5bf1242f952c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0i' ]Ɋ& !i' F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=098607b5-74b6-4cde-99a5-5bf1242f952c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9ebd193b-b28f-4831-9604-fcb37ca85b8e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v0**@( ]Ɋ& !( F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=098607b5-74b6-4cde-99a5-5bf1242f952c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9ebd193b-b28f-4831-9604-fcb37ca85b8e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**X( ]Ɋ& !X( F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0a848eeb-7163-4ad9-a2bf-161fd9d54859 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manX**p( ]Ɋ& !X( F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0a848eeb-7163-4ad9-a2bf-161fd9d54859 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h( ]Ɋ& !X( F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0a848eeb-7163-4ad9-a2bf-161fd9d54859 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`( ]Ɋ& !X( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0a848eeb-7163-4ad9-a2bf-161fd9d54859 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`( ]Ɋ& !X( F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0a848eeb-7163-4ad9-a2bf-161fd9d54859 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h( ]Ɋ& !X( F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0a848eeb-7163-4ad9-a2bf-161fd9d54859 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!h**( ]Ɋ&  !( F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0a848eeb-7163-4ad9-a2bf-161fd9d54859 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2d7f762b-cf6b-47d4-b829-8f025faa0e9b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wEng**'( ]Ɋ& !'( F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0a848eeb-7163-4ad9-a2bf-161fd9d54859 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2d7f762b-cf6b-47d4-b829-8f025faa0e9b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d **8'( ]Ɋ& !X'( F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f909e3a7-2e4e-4614-8be6-a6e872a5fe1e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=F8**P'( ]Ɋ& !X'( F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f909e3a7-2e4e-4614-8be6-a6e872a5fe1e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=PF& F&ndPath= CommandLine=8F& ElfChnk X}.MMu=VysMc&&**P'( ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! 1!X'( F&F%g>9{p(xlMD EventDatauoData !Binary~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f909e3a7-2e4e-4614-8be6-a6e872a5fe1e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=CP**H'( ]Ɋ& !X'( F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f909e3a7-2e4e-4614-8be6-a6e872a5fe1e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CH**H'( ]Ɋ& !X'( F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f909e3a7-2e4e-4614-8be6-a6e872a5fe1e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ScrH**H'( ]Ɋ& !X'( F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f909e3a7-2e4e-4614-8be6-a6e872a5fe1e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manH**'( ]Ɋ& !'( F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f909e3a7-2e4e-4614-8be6-a6e872a5fe1e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=71b83bd8-b651-49ab-a9d7-e2aa648bc91b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm**'( ]Ɋ& !'( F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f909e3a7-2e4e-4614-8be6-a6e872a5fe1e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=71b83bd8-b651-49ab-a9d7-e2aa648bc91b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**X'( ]Ɋ& !X'( F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5c5ded59-50e3-4901-8664-562b20ff5c1a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=PipeX**p'( ]Ɋ& !X'( F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5c5ded59-50e3-4901-8664-562b20ff5c1a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-US'p**h'( ]Ɋ& !X'( F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5c5ded59-50e3-4901-8664-562b20ff5c1a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=:Ph**`'( ]Ɋ& !X'( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5c5ded59-50e3-4901-8664-562b20ff5c1a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2a`**`'( ]Ɋ& !X'( F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5c5ded59-50e3-4901-8664-562b20ff5c1a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ta`**`'( ]Ɋ& !X'( F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5c5ded59-50e3-4901-8664-562b20ff5c1a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**'( ]Ɋ& !'( F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5c5ded59-50e3-4901-8664-562b20ff5c1a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4ca366d8-85cd-471e-84b0-add7751dd72a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**'( ]Ɋ& !'( F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5c5ded59-50e3-4901-8664-562b20ff5c1a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4ca366d8-85cd-471e-84b0-add7751dd72a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C**(3) ]Ɋ& !X3) F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1c08336a-24d7-4816-ba3f-3223f20e811e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9(**@3) ]Ɋ& !X3) F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1c08336a-24d7-4816-ba3f-3223f20e811e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@3) ]Ɋ& !X3) F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1c08336a-24d7-4816-ba3f-3223f20e811e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l='@**83) ]Ɋ& !X3) F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1c08336a-24d7-4816-ba3f-3223f20e811e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Win8**83) ]Ɋ& !X3) F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1c08336a-24d7-4816-ba3f-3223f20e811e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=C8**83) ]Ɋ& !X3) F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1c08336a-24d7-4816-ba3f-3223f20e811e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**3) ]Ɋ& !3) F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1c08336a-24d7-4816-ba3f-3223f20e811e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=d39bcc46-aa4a-4686-902b-9b27e4bf6dde PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **T) ]Ɋ& !T) F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1c08336a-24d7-4816-ba3f-3223f20e811e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=d39bcc46-aa4a-4686-902b-9b27e4bf6dde PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=)))}**X* ]Ɋ& !X* F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=494c5344-3659-42d1-9ae9-d8ea40b2f42f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**p* ]Ɋ& !X* F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=494c5344-3659-42d1-9ae9-d8ea40b2f42f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Up**p* ]Ɋ& !X* F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=494c5344-3659-42d1-9ae9-d8ea40b2f42f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=balp**h* ]Ɋ& !X* F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=494c5344-3659-42d1-9ae9-d8ea40b2f42f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-Sh**h* ]Ɋ& !X* F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=494c5344-3659-42d1-9ae9-d8ea40b2f42f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ginh**h* ]Ɋ& !X* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=494c5344-3659-42d1-9ae9-d8ea40b2f42f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=peh*** ]Ɋ&  !* F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=494c5344-3659-42d1-9ae9-d8ea40b2f42f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=27a80bee-c643-459e-b505-d6a150cfc3f0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**+ ]Ɋ& !+ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=494c5344-3659-42d1-9ae9-d8ea40b2f42f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=27a80bee-c643-459e-b505-d6a150cfc3f0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Seq**., ]Ɋ& '!X., F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2a589299-7b2a-4b31-9373-61333938b315 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**., ]Ɋ& ?!X., F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2a589299-7b2a-4b31-9373-61333938b315 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**., ]Ɋ& ;!X., F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2a589299-7b2a-4b31-9373-61333938b315 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**., ]Ɋ& 3!X., F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2a589299-7b2a-4b31-9373-61333938b315 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, **., ]Ɋ& 3!X., F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2a589299-7b2a-4b31-9373-61333938b315 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**., ]Ɋ& 5!X., F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2a589299-7b2a-4b31-9373-61333938b315 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| **0., ]Ɋ& !., F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2a589299-7b2a-4b31-9373-61333938b315 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=75d5d007-9ee8-4021-964b-2b20c1b206fc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ou0**@E, ]Ɋ& !E, F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2a589299-7b2a-4b31-9373-61333938b315 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=75d5d007-9ee8-4021-964b-2b20c1b206fc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceId@**t\- ]Ɋ& )!Xt\- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9f633235-40f1-49b4-912a-7b21144786fe HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ant**t\- ]Ɋ& A!Xt\- F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9f633235-40f1-49b4-912a-7b21144786fe HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=shel**t\- ]Ɋ& =!Xt\- F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9f633235-40f1-49b4-912a-7b21144786fe HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI**t\- ]Ɋ& 5!Xt\- F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9f633235-40f1-49b4-912a-7b21144786fe HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eq**t\- ]Ɋ& 5!Xt\- F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9f633235-40f1-49b4-912a-7b21144786fe HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**t\- ]Ɋ& 7!Xt\- F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9f633235-40f1-49b4-912a-7b21144786fe HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0t\- ]Ɋ& !t\- F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9f633235-40f1-49b4-912a-7b21144786fe HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d6ecfe8f-81ea-43e9-9b0e-3f308d31a1b7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@- ]Ɋ& !- F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9f633235-40f1-49b4-912a-7b21144786fe HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d6ecfe8f-81ea-43e9-9b0e-3f308d31a1b7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rip@**X- ]Ɋ& !X- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c5745dd4-72d7-49a4-9f69-255ecbe98d84 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a0eX**p- ]Ɋ& !X- F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c5745dd4-72d7-49a4-9f69-255ecbe98d84 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNap**h- ]Ɋ& !X- F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c5745dd4-72d7-49a4-9f69-255ecbe98d84 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nhype= Scrip ]Ɋ& X- F&dLine=8F& ElfChnk(m@GpMu=VysMc&&**h- ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! G!X- F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c5745dd4-72d7-49a4-9f69-255ecbe98d84 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='(h**`- ]Ɋ& !X- F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c5745dd4-72d7-49a4-9f69-255ecbe98d84 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h- ]Ɋ& !X- F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c5745dd4-72d7-49a4-9f69-255ecbe98d84 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**- ]Ɋ&  !- F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c5745dd4-72d7-49a4-9f69-255ecbe98d84 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a3336796-a79a-432d-9a1c-3e83893bfe53 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**- ]Ɋ& !- F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c5745dd4-72d7-49a4-9f69-255ecbe98d84 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a3336796-a79a-432d-9a1c-3e83893bfe53 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**87&- ]Ɋ& !X7&- F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=59803d09-723b-4175-958e-843325dccf1e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P7&- ]Ɋ& !X7&- F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=59803d09-723b-4175-958e-843325dccf1e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P7&- ]Ɋ& !X7&- F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=59803d09-723b-4175-958e-843325dccf1e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**H7&- ]Ɋ& !X7&- F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=59803d09-723b-4175-958e-843325dccf1e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H7&- ]Ɋ& !X7&- F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=59803d09-723b-4175-958e-843325dccf1e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H7&- ]Ɋ& !X7&- F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=59803d09-723b-4175-958e-843325dccf1e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**H**7&- ]Ɋ& !7&- F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=59803d09-723b-4175-958e-843325dccf1e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0f0b697f-621e-4eea-8e67-4515766f9f7d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**7&- ]Ɋ& !7&- F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=59803d09-723b-4175-958e-843325dccf1e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0f0b697f-621e-4eea-8e67-4515766f9f7d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X7&- ]Ɋ& !X7&- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6c48f30b-2dd0-45b2-b51a-808ef46b5091 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmanX**p7&- ]Ɋ& !X7&- F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6c48f30b-2dd0-45b2-b51a-808ef46b5091 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ep**h7&- ]Ɋ& !X7&- F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6c48f30b-2dd0-45b2-b51a-808ef46b5091 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Glh**`7&- ]Ɋ& !X7&- F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6c48f30b-2dd0-45b2-b51a-808ef46b5091 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-H`**`7&- ]Ɋ& !X7&- F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6c48f30b-2dd0-45b2-b51a-808ef46b5091 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er`**`7&- ]Ɋ& !X7&- F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6c48f30b-2dd0-45b2-b51a-808ef46b5091 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t`**7&- ]Ɋ& !7&- F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6c48f30b-2dd0-45b2-b51a-808ef46b5091 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9434d4c9-aa19-4f4c-b2bf-3528eeff9c19 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**7&- ]Ɋ& !7&- F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6c48f30b-2dd0-45b2-b51a-808ef46b5091 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9434d4c9-aa19-4f4c-b2bf-3528eeff9c19 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co**(7&- ]Ɋ& !X7&- F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c24f084b-a3f5-40ce-98af-0c2acbd206b0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@7&- ]Ɋ& !X7&- F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c24f084b-a3f5-40ce-98af-0c2acbd206b0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-@**@7&- ]Ɋ& !X7&- F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c24f084b-a3f5-40ce-98af-0c2acbd206b0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ins@**87&- ]Ɋ& !X7&- F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c24f084b-a3f5-40ce-98af-0c2acbd206b0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ode8**87&- ]Ɋ& !X7&- F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c24f084b-a3f5-40ce-98af-0c2acbd206b0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9ae8**87&- ]Ɋ& !X7&- F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c24f084b-a3f5-40ce-98af-0c2acbd206b0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S8**7&- ]Ɋ& !7&- F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c24f084b-a3f5-40ce-98af-0c2acbd206b0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=3eed7f35-0442-4b55-842c-a971dfed026c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**ξ- ]Ɋ& !ξ- F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c24f084b-a3f5-40ce-98af-0c2acbd206b0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=3eed7f35-0442-4b55-842c-a971dfed026c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on= **X- ]Ɋ& !X- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c64ba68e-e561-4895-8ddd-c5b47c32dd41 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**p- ]Ɋ& !X- F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c64ba68e-e561-4895-8ddd-c5b47c32dd41 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rp**p- ]Ɋ& !X- F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c64ba68e-e561-4895-8ddd-c5b47c32dd41 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tedp**h- ]Ɋ& !X- F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c64ba68e-e561-4895-8ddd-c5b47c32dd41 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eh**h- ]Ɋ& !X- F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c64ba68e-e561-4895-8ddd-c5b47c32dd41 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmah**h- ]Ɋ& !X- F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c64ba68e-e561-4895-8ddd-c5b47c32dd41 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**- ]Ɋ&  !- F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c64ba68e-e561-4895-8ddd-c5b47c32dd41 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4c9a0508-8a49-4089-829e-063b56fc467f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **(!- ]Ɋ& !(!- F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c64ba68e-e561-4895-8ddd-c5b47c32dd41 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4c9a0508-8a49-4089-829e-063b56fc467f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 **(!- ]Ɋ& '!X(!- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c6641a36-e3e6-4c36-a05e-b9ff764ce8e2 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**(!- ]Ɋ& ?!X(!- F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c6641a36-e3e6-4c36-a05e-b9ff764ce8e2 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b**(!- ]Ɋ& ;!X(!- F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c6641a36-e3e6-4c36-a05e-b9ff764ce8e2 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ide**(!- ]Ɋ& 3!X(!- F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c6641a36-e3e6-4c36-a05e-b9ff764ce8e2 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pac**(!- ]Ɋ& 3!X(!- F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c6641a36-e3e6-4c36-a05e-b9ff764ce8e2 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erS**(!- ]Ɋ& 5!X(!- F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c6641a36-e3e6-4c36-a05e-b9ff764ce8e2 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ip**0(!- ]Ɋ& !(!- F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c6641a36-e3e6-4c36-a05e-b9ff764ce8e2 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=deb87bc1-b8cb-442d-b710-315c6cdd34d6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=le0**@- ]Ɋ& !- F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c6641a36-e3e6-4c36-a05e-b9ff764ce8e2 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=deb87bc1-b8cb-442d-b710-315c6cdd34d6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mman@**G ]Ɋ& )!XG F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=106cee27-53e9-4372-bf52-b3e9b2233e06 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g -w**G ]Ɋ& A!XG F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=106cee27-53e9-4372-bf52-b3e9b2233e06 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**G ]Ɋ& =!XG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=106cee27-53e9-4372-bf52-b3e9b2233e06 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=owshell Get-Ci ]Ɋ& sNXG F&playName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nhype= Scrip ]Ɋ& X- F&dLine=8F& ElfChnk pΖ;Mu=VysMc&&**G ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !XG F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=106cee27-53e9-4372-bf52-b3e9b2233e06 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **G ]Ɋ& 5!XG F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=106cee27-53e9-4372-bf52-b3e9b2233e06 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 6**G ]Ɋ& 7!XG F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=106cee27-53e9-4372-bf52-b3e9b2233e06 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**0y ]Ɋ& !y F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=106cee27-53e9-4372-bf52-b3e9b2233e06 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d6a75254-744b-4fe6-b3f8-cf05bf03b924 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@y ]Ɋ& !y F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=106cee27-53e9-4372-bf52-b3e9b2233e06 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d6a75254-744b-4fe6-b3f8-cf05bf03b924 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=98d@**Xy ]Ɋ& !Xy F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6498f875-1b87-4128-8ba3-139bec61f250 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=HosX**py ]Ɋ& !Xy F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6498f875-1b87-4128-8ba3-139bec61f250 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=723p**hy ]Ɋ& !Xy F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6498f875-1b87-4128-8ba3-139bec61f250 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4h**`y ]Ɋ& !Xy F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6498f875-1b87-4128-8ba3-139bec61f250 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`y ]Ɋ& !Xy F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6498f875-1b87-4128-8ba3-139bec61f250 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a`**hy ]Ɋ& !Xy F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6498f875-1b87-4128-8ba3-139bec61f250 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=hellh**y ]Ɋ&  !y F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6498f875-1b87-4128-8ba3-139bec61f250 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=00fff48a-1053-4007-bb15-ad884514f3b3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rusS** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6498f875-1b87-4128-8ba3-139bec61f250 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=00fff48a-1053-4007-bb15-ad884514f3b3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Up**8 ]Ɋ& !X F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=17077670-f520-490c-8908-a9965c7a40b4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t\8**P ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=17077670-f520-490c-8908-a9965c7a40b4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t P**P ]Ɋ& !X F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=17077670-f520-490c-8908-a9965c7a40b4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ell P**H ]Ɋ& !X F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=17077670-f520-490c-8908-a9965c7a40b4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tionH**H ]Ɋ& !X F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=17077670-f520-490c-8908-a9965c7a40b4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HosH**H ]Ɋ& !X F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=17077670-f520-490c-8908-a9965c7a40b4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8efH** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=17077670-f520-490c-8908-a9965c7a40b4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=808eb838-d57e-4c84-b596-216d707e658e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=p** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=17077670-f520-490c-8908-a9965c7a40b4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=808eb838-d57e-4c84-b596-216d707e658e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=68029948-37c4-4284-a636-c345df860beb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c24fX**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=68029948-37c4-4284-a636-c345df860beb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ent p**h ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=68029948-37c4-4284-a636-c345df860beb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**` ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=68029948-37c4-4284-a636-c345df860beb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Co`**`  ]Ɋ& !X  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=68029948-37c4-4284-a636-c345df860beb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-U`**`  ]Ɋ& !X  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=68029948-37c4-4284-a636-c345df860beb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=:`**  ]Ɋ& !  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=68029948-37c4-4284-a636-c345df860beb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8b4c19aa-021e-4831-89b0-77ad4a4f9e79 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**  ]Ɋ& !  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=68029948-37c4-4284-a636-c345df860beb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8b4c19aa-021e-4831-89b0-77ad4a4f9e79 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=84b**( < ]Ɋ& !X<  F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c66f182c-e52c-4538-8744-ba11c22efa59 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(**@< ]Ɋ& !X< F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c66f182c-e52c-4538-8744-ba11c22efa59 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t@**@< ]Ɋ& !X< F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c66f182c-e52c-4538-8744-ba11c22efa59 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**8< ]Ɋ& !X< F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c66f182c-e52c-4538-8744-ba11c22efa59 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Str8**8< ]Ɋ& !X< F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c66f182c-e52c-4538-8744-ba11c22efa59 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=';e8**8< ]Ɋ& !X< F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c66f182c-e52c-4538-8744-ba11c22efa59 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io8**< ]Ɋ& !< F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c66f182c-e52c-4538-8744-ba11c22efa59 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=987f47a9-8257-4ea7-bf96-0b717df6b7cc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dd**B ]Ɋ& !B F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c66f182c-e52c-4538-8744-ba11c22efa59 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=987f47a9-8257-4ea7-bf96-0b717df6b7cc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tate**Xt ]Ɋ& !Xt F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=091918e2-0954-4c44-827f-1c0604dbf133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uX**pt ]Ɋ& !Xt F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=091918e2-0954-4c44-827f-1c0604dbf133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ap**pt ]Ɋ& !Xt F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=091918e2-0954-4c44-827f-1c0604dbf133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**ht ]Ɋ& !Xt F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=091918e2-0954-4c44-827f-1c0604dbf133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt h**ht ]Ɋ& !Xt F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=091918e2-0954-4c44-827f-1c0604dbf133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nsoh**ht ]Ɋ& !Xt F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=091918e2-0954-4c44-827f-1c0604dbf133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e8h**t ]Ɋ&  !t F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=091918e2-0954-4c44-827f-1c0604dbf133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3f0480d2-8b19-4eac-8110-6806b9dc9224 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**  ]Ɋ& !  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=091918e2-0954-4c44-827f-1c0604dbf133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3f0480d2-8b19-4eac-8110-6806b9dc9224 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=alue**  ]Ɋ& '!X  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=66a28a6a-ec96-4999-a344-bd9f6b066d89 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**  ]Ɋ& ?!X  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=66a28a6a-ec96-4999-a344-bd9f6b066d89 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**  ]Ɋ& ;!X  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=66a28a6a-ec96-4999-a344-bd9f6b066d89 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=neI**  ]Ɋ& 3!X   F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=66a28a6a-ec96-4999-a344-bd9f6b066d89 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Staed Seque ]Ɋ& ioX ! F&4372-bf52-b3e9b2233e06 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=owshell Get-Ci ]Ɋ& sNXG F&playName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nhype= Scrip ]Ɋ& X- F&dLine=8F& ElfChnk!R!RHuF]kͭMu=VysMc&&** !  ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X ! F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=66a28a6a-ec96-4999-a344-bd9f6b066d89 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **"  ]Ɋ& 5!X " F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=66a28a6a-ec96-4999-a344-bd9f6b066d89 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=y**0#  ]Ɋ& ! # F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=66a28a6a-ec96-4999-a344-bd9f6b066d89 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=60b1555e-4c65-4c03-942c-748f4930572b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f50**@$- ]Ɋ& !-$ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=66a28a6a-ec96-4999-a344-bd9f6b066d89 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=60b1555e-4c65-4c03-942c-748f4930572b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co@**%xM ]Ɋ& )!XxM% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=96ced66c-4a85-4cfd-b676-fd47a74df134 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on= **&xM ]Ɋ& A!XxM& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=96ced66c-4a85-4cfd-b676-fd47a74df134 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=play**'xM ]Ɋ& =!XxM' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=96ced66c-4a85-4cfd-b676-fd47a74df134 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= r**(xM ]Ɋ& 5!XxM( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=96ced66c-4a85-4cfd-b676-fd47a74df134 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ec**)xM ]Ɋ& 5!XxM) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=96ced66c-4a85-4cfd-b676-fd47a74df134 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ns***xM ]Ɋ& 7!XxM* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=96ced66c-4a85-4cfd-b676-fd47a74df134 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b**0+xM ]Ɋ& !xM+ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=96ced66c-4a85-4cfd-b676-fd47a74df134 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2060faca-8a4b-4229-b796-14391bcfdb1d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@,M ]Ɋ& !M, F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=96ced66c-4a85-4cfd-b676-fd47a74df134 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2060faca-8a4b-4229-b796-14391bcfdb1d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**@**X-M ]Ɋ& !XM- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8f943828-cdd3-4238-8cfa-743fec64a400 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&X**p.M ]Ɋ& !XM. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8f943828-cdd3-4238-8cfa-743fec64a400 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h/M ]Ɋ& !XM/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8f943828-cdd3-4238-8cfa-743fec64a400 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`0M ]Ɋ& !XM0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8f943828-cdd3-4238-8cfa-743fec64a400 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`1M ]Ɋ& !XM1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8f943828-cdd3-4238-8cfa-743fec64a400 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h2M ]Ɋ& !XM2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8f943828-cdd3-4238-8cfa-743fec64a400 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Fh**3M ]Ɋ&  !M3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8f943828-cdd3-4238-8cfa-743fec64a400 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3db2dd7e-369a-43a4-bff1-3e0c51fd796d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oppe**4GBM ]Ɋ& !GBM4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8f943828-cdd3-4238-8cfa-743fec64a400 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3db2dd7e-369a-43a4-bff1-3e0c51fd796d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=de**85GBM ]Ɋ& !XGBM5 F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=aed3d691-0502-4274-a9db-2f15b869d86d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ro8**P6GBM ]Ɋ& !XGBM6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=aed3d691-0502-4274-a9db-2f15b869d86d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=FP**P7GBM ]Ɋ& !XGBM7 F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=aed3d691-0502-4274-a9db-2f15b869d86d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**H8GBM ]Ɋ& !XGBM8 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=aed3d691-0502-4274-a9db-2f15b869d86d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!H**H9GBM ]Ɋ& !XGBM9 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=aed3d691-0502-4274-a9db-2f15b869d86d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H:GBM ]Ɋ& !XGBM: F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=aed3d691-0502-4274-a9db-2f15b869d86d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**;GBM ]Ɋ& !GBM; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=aed3d691-0502-4274-a9db-2f15b869d86d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d0904559-8338-4396-b0e9-46448101be52 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**<GBM ]Ɋ& !GBM< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=aed3d691-0502-4274-a9db-2f15b869d86d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d0904559-8338-4396-b0e9-46448101be52 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X=GBM ]Ɋ& !XGBM= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=07651be6-a52d-47e7-a2ad-d778a9ba43af HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id= X**p>GBM ]Ɋ& !XGBM> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=07651be6-a52d-47e7-a2ad-d778a9ba43af HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tCulp**h?GBM ]Ɋ& !XGBM? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=07651be6-a52d-47e7-a2ad-d778a9ba43af HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=={h**`@GBM ]Ɋ& !XGBM@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=07651be6-a52d-47e7-a2ad-d778a9ba43af HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=38`**`AGBM ]Ɋ& !XGBMA F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=07651be6-a52d-47e7-a2ad-d778a9ba43af HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=vi`**`BGBM ]Ɋ& !XGBMB F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=07651be6-a52d-47e7-a2ad-d778a9ba43af HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**CGBM ]Ɋ& !GBMC F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=07651be6-a52d-47e7-a2ad-d778a9ba43af HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2edf8d07-e970-49d1-a92a-94364ac8f8f3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**DڤM ]Ɋ& !ڤMD F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=07651be6-a52d-47e7-a2ad-d778a9ba43af HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2edf8d07-e970-49d1-a92a-94364ac8f8f3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==98**(EڤM ]Ɋ& !XڤME F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0a2f383b-c76e-44eb-8452-a130c99fb80f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e(**@FڤM ]Ɋ& !XڤMF F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0a2f383b-c76e-44eb-8452-a130c99fb80f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@GڤM ]Ɋ& !XڤMG F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0a2f383b-c76e-44eb-8452-a130c99fb80f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=E\M@**8HڤM ]Ɋ& !XڤMH F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0a2f383b-c76e-44eb-8452-a130c99fb80f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**8IڤM ]Ɋ& !XڤMI F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0a2f383b-c76e-44eb-8452-a130c99fb80f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8JڤM ]Ɋ& !XڤMJ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0a2f383b-c76e-44eb-8452-a130c99fb80f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eV8**KڤM ]Ɋ& !ڤMK F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0a2f383b-c76e-44eb-8452-a130c99fb80f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=98dc1fe8-22a1-4441-861d-cde6ea7b5753 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[S**LtsM ]Ɋ& !tsML F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0a2f383b-c76e-44eb-8452-a130c99fb80f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=98dc1fe8-22a1-4441-861d-cde6ea7b5753 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayVe**XM8=M ]Ɋ& !X8=MM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=48d74312-35a0-4e73-b912-46bda79b2660 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pN8=M ]Ɋ& !X8=MN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=48d74312-35a0-4e73-b912-46bda79b2660 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rp**pO8=M ]Ɋ& !X8=MO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=48d74312-35a0-4e73-b912-46bda79b2660 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nstp**hP8=M ]Ɋ& !X8=MP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=48d74312-35a0-4e73-b912-46bda79b2660 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=perh**hQ8=M ]Ɋ& !X8=MQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=48d74312-35a0-4e73-b912-46bda79b2660 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=::Gh**hR8=M ]Ɋ& !X8=MR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=48d74312-35a0-4e73-b912-46bda79b2660 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= IhtalledOn -De ]Ɋ&  !8=MS F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=48d74312-35a0-4e73-b912-46bda79b2660 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=70d5f934-723f-4998-9994-7f6cc4831122 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnkSS8"a]Mu=VysMc&&** S8=M ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !8=MS F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=48d74312-35a0-4e73-b912-46bda79b2660 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=70d5f934-723f-4998-9994-7f6cc4831122 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=art **TէM ]Ɋ& !էMT F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=48d74312-35a0-4e73-b912-46bda79b2660 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=70d5f934-723f-4998-9994-7f6cc4831122 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=4**UէM ]Ɋ& '!XէMU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bfe2f62b-d18d-4b90-a0b0-c2fa8e0780b5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**VէM ]Ɋ& ?!XէMV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bfe2f62b-d18d-4b90-a0b0-c2fa8e0780b5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**WէM ]Ɋ& ;!XէMW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bfe2f62b-d18d-4b90-a0b0-c2fa8e0780b5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Run**XէM ]Ɋ& 3!XէMX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bfe2f62b-d18d-4b90-a0b0-c2fa8e0780b5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ovi**YէM ]Ɋ& 3!XէMY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bfe2f62b-d18d-4b90-a0b0-c2fa8e0780b5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **ZէM ]Ɋ& 5!XէMZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bfe2f62b-d18d-4b90-a0b0-c2fa8e0780b5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**0[էM ]Ɋ& !էM[ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bfe2f62b-d18d-4b90-a0b0-c2fa8e0780b5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e56a624a-bccb-4e1a-8acc-3a2a9e650371 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ac0**@\enM ]Ɋ& !enM\ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bfe2f62b-d18d-4b90-a0b0-c2fa8e0780b5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e56a624a-bccb-4e1a-8acc-3a2a9e650371 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d P@**]` ]Ɋ& )!X`] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=887d6803-fdff-4751-80f1-4d0875165946 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**^` ]Ɋ& A!X`^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=887d6803-fdff-4751-80f1-4d0875165946 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C**_` ]Ɋ& =!X`_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=887d6803-fdff-4751-80f1-4d0875165946 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **`` ]Ɋ& 5!X`` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=887d6803-fdff-4751-80f1-4d0875165946 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr**a` ]Ɋ& 5!X`a F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=887d6803-fdff-4751-80f1-4d0875165946 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cl**b` ]Ɋ& 7!X`b F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=887d6803-fdff-4751-80f1-4d0875165946 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**0c` ]Ɋ& !`c F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=887d6803-fdff-4751-80f1-4d0875165946 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5a23aa2d-aa69-470c-88cd-9a859da8d9e0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@d  ]Ɋ& ! d F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=887d6803-fdff-4751-80f1-4d0875165946 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5a23aa2d-aa69-470c-88cd-9a859da8d9e0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=art@**Xe  ]Ɋ& !X e F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bf482916-cc03-4fef-8fb2-652064a03b05 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d X**pf  ]Ɋ& !X f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bf482916-cc03-4fef-8fb2-652064a03b05 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er=p**hg  ]Ɋ& !X g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bf482916-cc03-4fef-8fb2-652064a03b05 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ch**`h  ]Ɋ& !X h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bf482916-cc03-4fef-8fb2-652064a03b05 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`i  ]Ɋ& !X i F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bf482916-cc03-4fef-8fb2-652064a03b05 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o`**hj  ]Ɋ& !X j F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bf482916-cc03-4fef-8fb2-652064a03b05 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tId=h**k  ]Ɋ&  ! k F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bf482916-cc03-4fef-8fb2-652064a03b05 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a8c06e2b-6348-4782-beef-c3f4755c4c95 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=91-0**l* ]Ɋ& !*l F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bf482916-cc03-4fef-8fb2-652064a03b05 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a8c06e2b-6348-4782-beef-c3f4755c4c95 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**8m* ]Ɋ& !X*m F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a17a852c-c7b2-4456-9982-94e9ea34c735 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=528**Pn* ]Ɋ& !X*n F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a17a852c-c7b2-4456-9982-94e9ea34c735 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tIP**Po* ]Ɋ& !X*o F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a17a852c-c7b2-4456-9982-94e9ea34c735 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==4.0P**Hp* ]Ɋ& !X*p F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a17a852c-c7b2-4456-9982-94e9ea34c735 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HosH**Hq* ]Ɋ& !X*q F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a17a852c-c7b2-4456-9982-94e9ea34c735 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ConsH**Hr* ]Ɋ& !X*r F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a17a852c-c7b2-4456-9982-94e9ea34c735 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**s* ]Ɋ& !*s F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a17a852c-c7b2-4456-9982-94e9ea34c735 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b4a88e50-432b-456c-9166-0b6377c033d6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=equ**t* ]Ɋ& !*t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a17a852c-c7b2-4456-9982-94e9ea34c735 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b4a88e50-432b-456c-9166-0b6377c033d6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**Xu* ]Ɋ& !X*u F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1043917f-c0db-46c4-a85c-4246c4b0e37b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pv* ]Ɋ& !X*v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1043917f-c0db-46c4-a85c-4246c4b0e37b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Scp**hw* ]Ɋ& !X*w F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1043917f-c0db-46c4-a85c-4246c4b0e37b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dOh**`x* ]Ɋ& !X*x F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1043917f-c0db-46c4-a85c-4246c4b0e37b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ns`**`y* ]Ɋ& !X*y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1043917f-c0db-46c4-a85c-4246c4b0e37b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh`**`z* ]Ɋ& !X*z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1043917f-c0db-46c4-a85c-4246c4b0e37b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H`**{* ]Ɋ& !*{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1043917f-c0db-46c4-a85c-4246c4b0e37b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=24128bd9-cbdd-46f6-bdcd-514c0ff84256 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**|* ]Ɋ& !*| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1043917f-c0db-46c4-a85c-4246c4b0e37b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=24128bd9-cbdd-46f6-bdcd-514c0ff84256 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(}8Ô ]Ɋ& !X8Ô} F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b9970ec5-9c23-4efe-805f-41e5afaf26f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m(**@~8Ô ]Ɋ& !X8Ô~ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b9970ec5-9c23-4efe-805f-41e5afaf26f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=U@**@8Ô ]Ɋ& !X8Ô F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b9970ec5-9c23-4efe-805f-41e5afaf26f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n, @**88Ô ]Ɋ& !X8Ô F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b9970ec5-9c23-4efe-805f-41e5afaf26f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ARE8**88Ô ]Ɋ& !X8Ô F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b9970ec5-9c23-4efe-805f-41e5afaf26f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**88Ô ]Ɋ& !X8Ô F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b9970ec5-9c23-4efe-805f-41e5afaf26f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8Ô ]Ɋ& !8Ô F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b9970ec5-9c23-4efe-805f-41e5afaf26f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b08363aa-59e7-47dc-97c4-b9a5ad85f5df PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Co**[ ]Ɋ& ![ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b9970ec5-9c23-4efe-805f-41e5afaf26f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b08363aa-59e7-47dc-97c4-b9a5ad85f5df PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eInf**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0fdfebc7-7498-4a6f-a360-7823907edd20 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=CXtureInfo('en ]Ɋ& 53X F&aceId=70d5f934-723f-4998-9994-7f6cc4831122 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnk0[)OMu=VysMc&&**x  ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! W!X F&F%g>9{p(xlMD EventDatauoData !BinaryEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0fdfebc7-7498-4a6f-a360-7823907edd20 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== x **p ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0fdfebc7-7498-4a6f-a360-7823907edd20 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== p**h ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0fdfebc7-7498-4a6f-a360-7823907edd20 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=h**h ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0fdfebc7-7498-4a6f-a360-7823907edd20 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0fdfebc7-7498-4a6f-a360-7823907edd20 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh** ]Ɋ&  ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0fdfebc7-7498-4a6f-a360-7823907edd20 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4c63fb14-364d-48db-b979-200d783e998d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**% ]Ɋ& !% F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0fdfebc7-7498-4a6f-a360-7823907edd20 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4c63fb14-364d-48db-b979-200d783e998d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**% ]Ɋ& '!X% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=78f962e2-2797-4ebd-9dba-a2c921afb6b6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**% ]Ɋ& ?!X% F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=78f962e2-2797-4ebd-9dba-a2c921afb6b6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=w**% ]Ɋ& ;!X% F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=78f962e2-2797-4ebd-9dba-a2c921afb6b6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d08**% ]Ɋ& 3!X% F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=78f962e2-2797-4ebd-9dba-a2c921afb6b6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**% ]Ɋ& 3!X% F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=78f962e2-2797-4ebd-9dba-a2c921afb6b6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=875**% ]Ɋ& 5!X% F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=78f962e2-2797-4ebd-9dba-a2c921afb6b6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0% ]Ɋ& !% F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=78f962e2-2797-4ebd-9dba-a2c921afb6b6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=da8d8a53-956d-441a-9c54-6dd9b8c60663 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ro0**@) ]Ɋ& !) F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=78f962e2-2797-4ebd-9dba-a2c921afb6b6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=da8d8a53-956d-441a-9c54-6dd9b8c60663 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@** ]Ɋ& )!X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9a82bad7-dba0-4a08-bc34-73d6670128ff HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= ** ]Ɋ& A!X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9a82bad7-dba0-4a08-bc34-73d6670128ff HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=line** ]Ɋ& =!X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9a82bad7-dba0-4a08-bc34-73d6670128ff HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= |** ]Ɋ& 5!X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9a82bad7-dba0-4a08-bc34-73d6670128ff HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt** ]Ɋ& 5!X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9a82bad7-dba0-4a08-bc34-73d6670128ff HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp** ]Ɋ& 7!X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9a82bad7-dba0-4a08-bc34-73d6670128ff HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0R* ]Ɋ& !R* F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9a82bad7-dba0-4a08-bc34-73d6670128ff HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3c1aac89-67a0-4fee-8934-dc9c7398f1e5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@œ ]Ɋ& !œ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9a82bad7-dba0-4a08-bc34-73d6670128ff HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3c1aac89-67a0-4fee-8934-dc9c7398f1e5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te=@**Xœ ]Ɋ& !Xœ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ae317808-b4b4-4616-a862-99784ca2551d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mX**pœ ]Ɋ& !Xœ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ae317808-b4b4-4616-a862-99784ca2551d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=menp**hœ ]Ɋ& !Xœ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ae317808-b4b4-4616-a862-99784ca2551d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rh**`œ ]Ɋ& !Xœ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ae317808-b4b4-4616-a862-99784ca2551d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e`**`œ ]Ɋ& !Xœ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ae317808-b4b4-4616-a862-99784ca2551d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**hœ ]Ɋ& !Xœ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ae317808-b4b4-4616-a862-99784ca2551d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateh**œ ]Ɋ&  !œ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ae317808-b4b4-4616-a862-99784ca2551d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9e8a36b3-a7d7-47e2-902a-6f3aed2730d0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**[ ]Ɋ& ![ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ae317808-b4b4-4616-a862-99784ca2551d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9e8a36b3-a7d7-47e2-902a-6f3aed2730d0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**8[ ]Ɋ& !X[ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1d7863e8-6c70-4540-a7ab-302b3fb8e691 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 8**P[ ]Ɋ& !X[ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1d7863e8-6c70-4540-a7ab-302b3fb8e691 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SP**P[ ]Ɋ& !X[ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1d7863e8-6c70-4540-a7ab-302b3fb8e691 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateP**H[ ]Ɋ& !X[ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1d7863e8-6c70-4540-a7ab-302b3fb8e691 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPH**H[ ]Ɋ& !X[ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1d7863e8-6c70-4540-a7ab-302b3fb8e691 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==RegH**H[ ]Ɋ& !X[ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1d7863e8-6c70-4540-a7ab-302b3fb8e691 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovH**[ ]Ɋ& ![ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1d7863e8-6c70-4540-a7ab-302b3fb8e691 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4de3b258-aaea-45a9-9801-1a000d2a7d5b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iou**[ ]Ɋ& ![ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1d7863e8-6c70-4540-a7ab-302b3fb8e691 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4de3b258-aaea-45a9-9801-1a000d2a7d5b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **X[ ]Ɋ& !X[ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=618b78fd-dc07-4d1f-aa1d-14413943f353 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FX**p[ ]Ɋ& !X[ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=618b78fd-dc07-4d1f-aa1d-14413943f353 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ne=p**h[ ]Ɋ& !X[ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=618b78fd-dc07-4d1f-aa1d-14413943f353 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh**`[ ]Ɋ& !X[ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=618b78fd-dc07-4d1f-aa1d-14413943f353 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iz`**`[ ]Ɋ& !X[ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=618b78fd-dc07-4d1f-aa1d-14413943f353 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| `**`[ ]Ɋ& !X[ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=618b78fd-dc07-4d1f-aa1d-14413943f353 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0`**[ ]Ɋ& ![ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=618b78fd-dc07-4d1f-aa1d-14413943f353 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=60c89c3b-0878-49b7-b99a-15d2421204b6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=618b78fd-dc07-4d1f-aa1d-14413943f353 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=60c89c3b-0878-49b7-b99a-15d2421204b6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**( ]Ɋ& !X F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=33ecad1c-eba0-4b37-8483-ce2a869dda24 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@ ]Ɋ& !X F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=33ecad1c-eba0-4b37-8483-ce2a869dda24 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@ ]Ɋ& !X F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=33ecad1c-eba0-4b37-8483-ce2a869dda24 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wid@ 65535 Eng ]Ɋ& ndX F&Name= CommandPath= CommandLine=CXtureInfo('en ]Ɋ& 53X F&aceId=70d5f934-723f-4998-9994-7f6cc4831122 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnkpoyHMu=VysMc&&**8  ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X F&F%g>9{p(xlMD EventDatauoData !BinaryhFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=33ecad1c-eba0-4b37-8483-ce2a869dda24 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8 **8 ]Ɋ& !X F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=33ecad1c-eba0-4b37-8483-ce2a869dda24 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er,8**8 ]Ɋ& !X F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=33ecad1c-eba0-4b37-8483-ce2a869dda24 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\W8** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=33ecad1c-eba0-4b37-8483-ce2a869dda24 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=c8dcd853-f01f-408b-95ca-b5b2f3214b81 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0f** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=33ecad1c-eba0-4b37-8483-ce2a869dda24 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=c8dcd853-f01f-408b-95ca-b5b2f3214b81 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iabl**XoV ]Ɋ& !XoV F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4a841c55-b746-47a4-a138-db58e1bad7a2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**poV ]Ɋ& !XoV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4a841c55-b746-47a4-a138-db58e1bad7a2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**poV ]Ɋ& !XoV F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4a841c55-b746-47a4-a138-db58e1bad7a2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hoV ]Ɋ& !XoV F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4a841c55-b746-47a4-a138-db58e1bad7a2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ovih**hoV ]Ɋ& !XoV F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4a841c55-b746-47a4-a138-db58e1bad7a2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er=h**hoV ]Ɋ& !XoV F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4a841c55-b746-47a4-a138-db58e1bad7a2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7-h**oV ]Ɋ&  !oV F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4a841c55-b746-47a4-a138-db58e1bad7a2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=03e3b73a-33ed-4fe9-baf1-c1497d877c70 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-O**oV ]Ɋ& !oV F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4a841c55-b746-47a4-a138-db58e1bad7a2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=03e3b73a-33ed-4fe9-baf1-c1497d877c70 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ies[** ]Ɋ& '!X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=199bca1d-5b2d-48c2-aa97-5b77928f8ffb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r** ]Ɋ& ?!X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=199bca1d-5b2d-48c2-aa97-5b77928f8ffb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a** ]Ɋ& ;!X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=199bca1d-5b2d-48c2-aa97-5b77928f8ffb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Run** ]Ɋ& 3!X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=199bca1d-5b2d-48c2-aa97-5b77928f8ffb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ** ]Ɋ& 3!X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=199bca1d-5b2d-48c2-aa97-5b77928f8ffb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nsp** ]Ɋ& 5!X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=199bca1d-5b2d-48c2-aa97-5b77928f8ffb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te**0 ]Ɋ& ! F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=199bca1d-5b2d-48c2-aa97-5b77928f8ffb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=5f756ca8-8f8b-4640-a29f-5b9f279e98ee PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=li0**@ ]Ɋ& ! F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=199bca1d-5b2d-48c2-aa97-5b77928f8ffb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=5f756ca8-8f8b-4640-a29f-5b9f279e98ee PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nceN@**` ]Ɋ& )!X` F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b25058f0-df51-4d7c-9ca1-f76b7fa72fb5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nmen**` ]Ɋ& A!X` F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b25058f0-df51-4d7c-9ca1-f76b7fa72fb5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**` ]Ɋ& =!X` F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b25058f0-df51-4d7c-9ca1-f76b7fa72fb5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h=**` ]Ɋ& 5!X` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b25058f0-df51-4d7c-9ca1-f76b7fa72fb5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=li**` ]Ɋ& 5!X` F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b25058f0-df51-4d7c-9ca1-f76b7fa72fb5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= |**` ]Ɋ& 7!X` F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b25058f0-df51-4d7c-9ca1-f76b7fa72fb5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**0` ]Ɋ& !` F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b25058f0-df51-4d7c-9ca1-f76b7fa72fb5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a1df90a0-8a47-48f2-ba80-b263c92afac9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c0**@u` ]Ɋ& !u` F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b25058f0-df51-4d7c-9ca1-f76b7fa72fb5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a1df90a0-8a47-48f2-ba80-b263c92afac9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b4-@**XE` ]Ɋ& !XE` F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9916b1f2-8707-49c4-ae54-e6e00aca3d42 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HX**pE` ]Ɋ& !XE` F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9916b1f2-8707-49c4-ae54-e6e00aca3d42 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 p**hE` ]Ɋ& !XE` F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9916b1f2-8707-49c4-ae54-e6e00aca3d42 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3h**`E` ]Ɋ& !XE` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9916b1f2-8707-49c4-ae54-e6e00aca3d42 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0`**`E` ]Ɋ& !XE` F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9916b1f2-8707-49c4-ae54-e6e00aca3d42 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f`**hE` ]Ɋ& !XE` F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9916b1f2-8707-49c4-ae54-e6e00aca3d42 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stAph**E` ]Ɋ&  !E` F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9916b1f2-8707-49c4-ae54-e6e00aca3d42 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bb32b5c7-7662-45f0-bb00-8e91abf86b69 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=viru**E` ]Ɋ& !E` F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9916b1f2-8707-49c4-ae54-e6e00aca3d42 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bb32b5c7-7662-45f0-bb00-8e91abf86b69 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ti**8E` ]Ɋ& !XE` F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7feeaac0-5efe-473c-8111-2511794e1a9f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bj8**PE` ]Ɋ& !XE` F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7feeaac0-5efe-473c-8111-2511794e1a9f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erP**PE` ]Ɋ& !XE` F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7feeaac0-5efe-473c-8111-2511794e1a9f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tAppP**HE` ]Ɋ& !XE` F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7feeaac0-5efe-473c-8111-2511794e1a9f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=43f3H**HE` ]Ɋ& !XE` F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7feeaac0-5efe-473c-8111-2511794e1a9f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-aa1H**HE` ]Ɋ& !XE` F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7feeaac0-5efe-473c-8111-2511794e1a9f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fd-H**E` ]Ɋ& !E` F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7feeaac0-5efe-473c-8111-2511794e1a9f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a8b90beb-30fa-4401-a397-a469032bb298 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=353**E` ]Ɋ& !E` F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7feeaac0-5efe-473c-8111-2511794e1a9f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a8b90beb-30fa-4401-a397-a469032bb298 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1**Xܦ` ]Ɋ& !Xܦ` F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1e5f0c79-aa84-40a0-aa1b-d21395ce3cb2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ersiX**pܦ` ]Ɋ& !Xܦ` F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1e5f0c79-aa84-40a0-aa1b-d21395ce3cb2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovip**hܦ` ]Ɋ& !Xܦ` F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1e5f0c79-aa84-40a0-aa1b-d21395ce3cb2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`ܦ` ]Ɋ& !Xܦ` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1e5f0c79-aa84-40a0-aa1b-d21395ce3cb2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id` PipelineId ]Ɋ&  CXܦ` F&wid@ 65535 Eng ]Ɋ& ndX F&Name= CommandPath= CommandLine=CXtureInfo('en ]Ɋ& 53X F&aceId=70d5f934-723f-4998-9994-7f6cc4831122 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnk@hu wMu=VysMc&&**hܦ` ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! E!Xܦ` F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1e5f0c79-aa84-40a0-aa1b-d21395ce3cb2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== h**`ܦ` ]Ɋ& !Xܦ` F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1e5f0c79-aa84-40a0-aa1b-d21395ce3cb2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**ܦ` ]Ɋ& !ܦ` F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1e5f0c79-aa84-40a0-aa1b-d21395ce3cb2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8a27e255-3bb9-44c3-ac40-77f7d8f3d7c8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**ܦ` ]Ɋ& !ܦ` F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1e5f0c79-aa84-40a0-aa1b-d21395ce3cb2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8a27e255-3bb9-44c3-ac40-77f7d8f3d7c8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Get**(ܦ` ]Ɋ& !Xܦ` F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d7843f7e-bca2-4864-9735-e691d185874b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a(**@ܦ` ]Ɋ& !Xܦ` F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d7843f7e-bca2-4864-9735-e691d185874b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4@**@ܦ` ]Ɋ& !Xܦ` F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d7843f7e-bca2-4864-9735-e691d185874b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**8ܦ` ]Ɋ& !Xܦ` F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d7843f7e-bca2-4864-9735-e691d185874b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C8**8ܦ` ]Ɋ& !Xܦ` F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d7843f7e-bca2-4864-9735-e691d185874b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bal8**8ܦ` ]Ɋ& !Xܦ` F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d7843f7e-bca2-4864-9735-e691d185874b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in8**ܦ` ]Ɋ& !ܦ` F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d7843f7e-bca2-4864-9735-e691d185874b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=84d45ee0-ba20-4415-872f-3c0ed577dab3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=RE**r?` ]Ɋ& !r?` F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d7843f7e-bca2-4864-9735-e691d185874b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=84d45ee0-ba20-4415-872f-3c0ed577dab3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**X6 ` ]Ɋ& !X6 ` F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=02de807c-f6af-4be9-b43a-f146b539518c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4X**p6 ` ]Ɋ& !X6 ` F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=02de807c-f6af-4be9-b43a-f146b539518c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1p**p6 ` ]Ɋ& !X6 ` F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=02de807c-f6af-4be9-b43a-f146b539518c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stap**h6 ` ]Ɋ& !X6 ` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=02de807c-f6af-4be9-b43a-f146b539518c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVh**h6 ` ]Ɋ& !X6 ` F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=02de807c-f6af-4be9-b43a-f146b539518c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Apph**h6 ` ]Ɋ& !X6 ` F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=02de807c-f6af-4be9-b43a-f146b539518c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| h**6 ` ]Ɋ&  !6 ` F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=02de807c-f6af-4be9-b43a-f146b539518c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=49b706fc-ec46-4ece-b12a-60e63d7fc509 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sb**̡` ]Ɋ& !̡` F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=02de807c-f6af-4be9-b43a-f146b539518c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=49b706fc-ec46-4ece-b12a-60e63d7fc509 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ring**c:` ]Ɋ& '!Xc:` F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=61917d81-4542-4900-96a3-9d3c53452acd HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=O**c:` ]Ɋ& ?!Xc:` F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=61917d81-4542-4900-96a3-9d3c53452acd HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l**c:` ]Ɋ& ;!Xc:` F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=61917d81-4542-4900-96a3-9d3c53452acd HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**c:` ]Ɋ& 3!Xc:` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=61917d81-4542-4900-96a3-9d3c53452acd HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==b2**c:` ]Ɋ& 3!Xc:` F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=61917d81-4542-4900-96a3-9d3c53452acd HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=li**c:` ]Ɋ& 5!Xc:` F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=61917d81-4542-4900-96a3-9d3c53452acd HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d7**0c:` ]Ɋ& !c:` F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=61917d81-4542-4900-96a3-9d3c53452acd HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=3f528469-908f-4b8c-a977-176dd0b9867d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@` ]Ɋ& !` F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=61917d81-4542-4900-96a3-9d3c53452acd HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=3f528469-908f-4b8c-a977-176dd0b9867d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H@**U  ]Ɋ& )!XU  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1d26134e-feb3-446a-93be-5bc427f9ad23 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Con**U  ]Ɋ& A!XU  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1d26134e-feb3-446a-93be-5bc427f9ad23 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m **U  ]Ɋ& =!XU  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1d26134e-feb3-446a-93be-5bc427f9ad23 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**U  ]Ɋ& 5!XU  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1d26134e-feb3-446a-93be-5bc427f9ad23 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** U  ]Ɋ& 5!XU   F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1d26134e-feb3-446a-93be-5bc427f9ad23 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== ** U  ]Ɋ& 7!XU   F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1d26134e-feb3-446a-93be-5bc427f9ad23 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0 1  ]Ɋ& !1   F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1d26134e-feb3-446a-93be-5bc427f9ad23 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c5b78bac-a413-4ed5-b3fa-54d10a87df27 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S0**@   ]Ɋ& !   F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1d26134e-feb3-446a-93be-5bc427f9ad23 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c5b78bac-a413-4ed5-b3fa-54d10a87df27 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r2 @**X c  ]Ɋ& !Xc   F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f0bbd97c-eed8-4ff2-98c9-12b1183c325d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompX**pc  ]Ɋ& !Xc  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f0bbd97c-eed8-4ff2-98c9-12b1183c325d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl p**hc  ]Ɋ& !Xc  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f0bbd97c-eed8-4ff2-98c9-12b1183c325d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lh**`c  ]Ɋ& !Xc  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f0bbd97c-eed8-4ff2-98c9-12b1183c325d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u`**`c  ]Ɋ& !Xc  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f0bbd97c-eed8-4ff2-98c9-12b1183c325d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a`**hc  ]Ɋ& !Xc  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f0bbd97c-eed8-4ff2-98c9-12b1183c325d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Quich**c  ]Ɋ&  !c  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f0bbd97c-eed8-4ff2-98c9-12b1183c325d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fe49999f-8053-4d2a-b00b-1f66cd529af4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion=**c  ]Ɋ& !c  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f0bbd97c-eed8-4ff2-98c9-12b1183c325d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fe49999f-8053-4d2a-b00b-1f66cd529af4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**8  ]Ɋ& !X  F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a5928652-4f8e-4459-b2af-6399fb7b3b08 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ou8**P  ]Ɋ& !X  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a5928652-4f8e-4459-b2af-6399fb7b3b08 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ypP**P  ]Ɋ& !X  F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a5928652-4f8e-4459-b2af-6399fb7b3b08 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNamP**H  ]Ɋ& !X  F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a5928652-4f8e-4459-b2af-6399fb7b3b08 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yptiH**H  ]Ɋ& !X  F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a5928652-4f8e-4459-b2af-6399fb7b3b08 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8311H PipelineI ]Ɋ&  X  F&ElfChnkJJhCRqMu=VysMc&&**H  ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! +!X  F&F%g>9{p(xlMD EventDatauoData !BinaryxVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a5928652-4f8e-4459-b2af-6399fb7b3b08 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**  ]Ɋ& !  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a5928652-4f8e-4459-b2af-6399fb7b3b08 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2c03ef70-484d-44fe-8e6b-5c186e5d57c7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ܦ**  ]Ɋ& !  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a5928652-4f8e-4459-b2af-6399fb7b3b08 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2c03ef70-484d-44fe-8e6b-5c186e5d57c7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X  ]Ɋ& !X  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=41c01bb8-e5e3-4bd6-97a0-a7cc12b859bd HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**p  ]Ɋ& !X  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=41c01bb8-e5e3-4bd6-97a0-a7cc12b859bd HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lectp**h  ]Ɋ& !X  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=41c01bb8-e5e3-4bd6-97a0-a7cc12b859bd HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=']h**`   ]Ɋ& !X   F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=41c01bb8-e5e3-4bd6-97a0-a7cc12b859bd HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-`**`!  ]Ɋ& !X ! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=41c01bb8-e5e3-4bd6-97a0-a7cc12b859bd HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C`**`"  ]Ɋ& !X " F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=41c01bb8-e5e3-4bd6-97a0-a7cc12b859bd HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**#  ]Ɋ& ! # F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=41c01bb8-e5e3-4bd6-97a0-a7cc12b859bd HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=89eac639-43ac-47a1-8a77-8e4ca7ab9223 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**$  ]Ɋ& ! $ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=41c01bb8-e5e3-4bd6-97a0-a7cc12b859bd HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=89eac639-43ac-47a1-8a77-8e4ca7ab9223 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=**(%F  ]Ɋ& !XF % F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=67770720-9c48-4443-976e-4a7cca7e5d33 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n(**@&F  ]Ɋ& !XF & F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=67770720-9c48-4443-976e-4a7cca7e5d33 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4@**@'F  ]Ɋ& !XF ' F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=67770720-9c48-4443-976e-4a7cca7e5d33 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.ps@**8(F  ]Ɋ& !XF ( F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=67770720-9c48-4443-976e-4a7cca7e5d33 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=M:\8**8)F  ]Ɋ& !XF ) F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=67770720-9c48-4443-976e-4a7cca7e5d33 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==028**8*F  ]Ɋ& !XF * F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=67770720-9c48-4443-976e-4a7cca7e5d33 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=F8**+F  ]Ɋ& !F + F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=67770720-9c48-4443-976e-4a7cca7e5d33 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=59db5fe2-3670-4404-9e13-01a0a4285fd3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=at**,,  ]Ɋ& !, , F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=67770720-9c48-4443-976e-4a7cca7e5d33 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=59db5fe2-3670-4404-9e13-01a0a4285fd3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 655**X-'  ]Ɋ& !X' - F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=caf5c8d7-7a12-44c2-a3a6-1e872f4377de HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-X**p.'  ]Ɋ& !X' . F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=caf5c8d7-7a12-44c2-a3a6-1e872f4377de HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dp**p/'  ]Ɋ& !X' / F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=caf5c8d7-7a12-44c2-a3a6-1e872f4377de HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='enp**h0'  ]Ɋ& !X' 0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=caf5c8d7-7a12-44c2-a3a6-1e872f4377de HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allh**h1'  ]Ɋ& !X' 1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=caf5c8d7-7a12-44c2-a3a6-1e872f4377de HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**h2'  ]Ɋ& !X' 2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=caf5c8d7-7a12-44c2-a3a6-1e872f4377de HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndh**3c  ]Ɋ&  !c 3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=caf5c8d7-7a12-44c2-a3a6-1e872f4377de HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8e64b4a1-4a3b-4018-9c63-2d54d7509800 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**4c  ]Ɋ& !c 4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=caf5c8d7-7a12-44c2-a3a6-1e872f4377de HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8e64b4a1-4a3b-4018-9c63-2d54d7509800 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ost **5X  ]Ɋ& '!XX 5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=634cc9ed-66f0-4a87-93d2-cf70b996c1a1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**6X  ]Ɋ& ?!XX 6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=634cc9ed-66f0-4a87-93d2-cf70b996c1a1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**7X  ]Ɋ& ;!XX 7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=634cc9ed-66f0-4a87-93d2-cf70b996c1a1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam**8X  ]Ɋ& 3!XX 8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=634cc9ed-66f0-4a87-93d2-cf70b996c1a1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ngi**9X  ]Ɋ& 3!XX 9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=634cc9ed-66f0-4a87-93d2-cf70b996c1a1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fun**:X  ]Ɋ& 5!XX : F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=634cc9ed-66f0-4a87-93d2-cf70b996c1a1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=**0;X  ]Ɋ& !X ; F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=634cc9ed-66f0-4a87-93d2-cf70b996c1a1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=5f55a875-90ac-4539-9455-ec8dbcdb81d0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3 0**@<  ]Ɋ& ! < F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=634cc9ed-66f0-4a87-93d2-cf70b996c1a1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=5f55a875-90ac-4539-9455-ec8dbcdb81d0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7 @**=x# ]Ɋ& )!Xx#= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=631af5e5-fa03-4da2-a413-72b1611833cc HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uctS**>x# ]Ɋ& A!Xx#> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=631af5e5-fa03-4da2-a413-72b1611833cc HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=curi**?x# ]Ɋ& =!Xx#? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=631af5e5-fa03-4da2-a413-72b1611833cc HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **@x# ]Ɋ& 5!Xx#@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=631af5e5-fa03-4da2-a413-72b1611833cc HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **Ax# ]Ɋ& 5!Xx#A F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=631af5e5-fa03-4da2-a413-72b1611833cc HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=vi**Bx# ]Ɋ& 7!Xx#B F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=631af5e5-fa03-4da2-a413-72b1611833cc HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0C# ]Ɋ& !#C F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=631af5e5-fa03-4da2-a413-72b1611833cc HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d3888297-67b7-4fa3-8ab3-9ca38a7b35bc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@D# ]Ɋ& !#D F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=631af5e5-fa03-4da2-a413-72b1611833cc HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d3888297-67b7-4fa3-8ab3-9ca38a7b35bc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**XE# ]Ɋ& !X#E F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bf5d9fe2-f2ce-415c-a322-810edcef9e58 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manX**pFB# ]Ɋ& !XB#F F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bf5d9fe2-f2ce-415c-a322-810edcef9e58 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmap**hGB# ]Ɋ& !XB#G F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bf5d9fe2-f2ce-415c-a322-810edcef9e58 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oh**`HB# ]Ɋ& !XB#H F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bf5d9fe2-f2ce-415c-a322-810edcef9e58 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**`IB# ]Ɋ& !XB#I F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bf5d9fe2-f2ce-415c-a322-810edcef9e58 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hJB# ]Ɋ& !XB#J F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bf5d9fe2-f2ce-415c-a322-810edcef9e58 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&h ]Ɋ& X B#ElfChnkK{K{;  Mu=VysMc&&**KB# ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !B#K F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bf5d9fe2-f2ce-415c-a322-810edcef9e58 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4d6b8604-c05a-4615-b0c7-008426354fc1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**LB# ]Ɋ& !B#L F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bf5d9fe2-f2ce-415c-a322-810edcef9e58 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4d6b8604-c05a-4615-b0c7-008426354fc1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8MB# ]Ɋ& !XB#M F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=659f28e7-e251-47e2-8a75-0adde06be2b2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**PNB# ]Ɋ& !XB#N F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=659f28e7-e251-47e2-8a75-0adde06be2b2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&P**POB# ]Ɋ& !XB#O F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=659f28e7-e251-47e2-8a75-0adde06be2b2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**P**HPB# ]Ɋ& !XB#P F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=659f28e7-e251-47e2-8a75-0adde06be2b2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmanH**HQB# ]Ɋ& !XB#Q F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=659f28e7-e251-47e2-8a75-0adde06be2b2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndPaH**HRB# ]Ɋ& !XB#R F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=659f28e7-e251-47e2-8a75-0adde06be2b2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=H**SB# ]Ɋ& !B#S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=659f28e7-e251-47e2-8a75-0adde06be2b2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=451b1923-dc18-4296-a21d-6f35b0e4eaaa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dLi**TB# ]Ɋ& !B#T F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=659f28e7-e251-47e2-8a75-0adde06be2b2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=451b1923-dc18-4296-a21d-6f35b0e4eaaa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=C**XUHۘ# ]Ɋ& !XHۘ#U F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f1f190d2-3910-4dff-a2a5-83502850a1cc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNamX**pVHۘ# ]Ɋ& !XHۘ#V F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f1f190d2-3910-4dff-a2a5-83502850a1cc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ect p**hWHۘ# ]Ɋ& !XHۘ#W F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f1f190d2-3910-4dff-a2a5-83502850a1cc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=peh**`XHۘ# ]Ɋ& !XHۘ#X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f1f190d2-3910-4dff-a2a5-83502850a1cc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ca`**`YHۘ# ]Ɋ& !XHۘ#Y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f1f190d2-3910-4dff-a2a5-83502850a1cc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um`**`ZHۘ# ]Ɋ& !XHۘ#Z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f1f190d2-3910-4dff-a2a5-83502850a1cc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=F`**[Hۘ# ]Ɋ& !Hۘ#[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f1f190d2-3910-4dff-a2a5-83502850a1cc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b8fb61ca-f311-49bd-a658-d906b40290cc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**\Hۘ# ]Ɋ& !Hۘ#\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f1f190d2-3910-4dff-a2a5-83502850a1cc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b8fb61ca-f311-49bd-a658-d906b40290cc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=man**(]Hۘ# ]Ɋ& !XHۘ#] F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=660dbca7-890e-4151-bccd-17c753fec2cb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1(**@^Hۘ# ]Ɋ& !XHۘ#^ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=660dbca7-890e-4151-bccd-17c753fec2cb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4@**@_Hۘ# ]Ɋ& !XHۘ#_ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=660dbca7-890e-4151-bccd-17c753fec2cb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[Da@**8`Hۘ# ]Ɋ& !XHۘ#` F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=660dbca7-890e-4151-bccd-17c753fec2cb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on\8**8aHۘ# ]Ɋ& !XHۘ#a F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=660dbca7-890e-4151-bccd-17c753fec2cb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ver8**8bHۘ# ]Ɋ& !XHۘ#b F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=660dbca7-890e-4151-bccd-17c753fec2cb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**cHۘ# ]Ɋ& !Hۘ#c F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=660dbca7-890e-4151-bccd-17c753fec2cb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b3eb669a-bb4c-4480-b231-fafbb4586038 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ri**ds# ]Ɋ& !s#d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=660dbca7-890e-4151-bccd-17c753fec2cb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b3eb669a-bb4c-4480-b231-fafbb4586038 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= | O**Xe9֛# ]Ɋ& !X9֛#e F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a16eade6-7761-4498-b262-d9ef29fcf324 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**pf9֛# ]Ɋ& !X9֛#f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a16eade6-7761-4498-b262-d9ef29fcf324 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ip**pg9֛# ]Ɋ& !X9֛#g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a16eade6-7761-4498-b262-d9ef29fcf324 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fo]p**hh9֛# ]Ɋ& !X9֛#h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a16eade6-7761-4498-b262-d9ef29fcf324 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5 |h**hi9֛# ]Ɋ& !X9֛#i F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a16eade6-7761-4498-b262-d9ef29fcf324 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=aceh**hj9֛# ]Ɋ& !X9֛#j F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a16eade6-7761-4498-b262-d9ef29fcf324 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Coh**k9֛# ]Ɋ&  !9֛#k F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a16eade6-7761-4498-b262-d9ef29fcf324 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c209900a-fe3d-48b8-865f-26b733aaf9cb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**ln# ]Ɋ& !n#l F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a16eade6-7761-4498-b262-d9ef29fcf324 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c209900a-fe3d-48b8-865f-26b733aaf9cb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**mn# ]Ɋ& '!Xn#m F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6769686e-3bc4-41fe-922b-eb448ed7e52f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r**nn# ]Ɋ& ?!Xn#n F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6769686e-3bc4-41fe-922b-eb448ed7e52f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**on# ]Ɋ& ;!Xn#o F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6769686e-3bc4-41fe-922b-eb448ed7e52f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=as**pn# ]Ɋ& 3!Xn#p F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6769686e-3bc4-41fe-922b-eb448ed7e52f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ing**qn# ]Ɋ& 3!Xn#q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6769686e-3bc4-41fe-922b-eb448ed7e52f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=art**rn# ]Ɋ& 5!Xn#r F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6769686e-3bc4-41fe-922b-eb448ed7e52f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=65**0sn# ]Ɋ& !n#s F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6769686e-3bc4-41fe-922b-eb448ed7e52f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=3af30e1f-6035-4596-8958-e8f35f98faae PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@tf# ]Ɋ& !f#t F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6769686e-3bc4-41fe-922b-eb448ed7e52f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=3af30e1f-6035-4596-8958-e8f35f98faae PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fa3-@**u)){% ]Ɋ& )!X)){%u F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=30d8aea3-4fdf-424c-9603-72b663f1923f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl d**v)){% ]Ɋ& A!X)){%v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=30d8aea3-4fdf-424c-9603-72b663f1923f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e -N**w)){% ]Ɋ& =!X)){%w F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=30d8aea3-4fdf-424c-9603-72b663f1923f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5c**x)){% ]Ɋ& 5!X)){%x F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=30d8aea3-4fdf-424c-9603-72b663f1923f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**y)){% ]Ɋ& 5!X)){%y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=30d8aea3-4fdf-424c-9603-72b663f1923f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**z)){% ]Ɋ& 7!X)){%z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=30d8aea3-4fdf-424c-9603-72b663f1923f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0{)){% ]Ɋ& !)){%{ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=30d8aea3-4fdf-424c-9603-72b663f1923f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d01aaaac-71eb-4dbd-9e94-2e50e31a89bc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 X B#ElfChnk||X9Mu=VysMc&&**@|V/+{% ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! #!V/+{%| F&F%g>9{p(xlMD EventDatauoData !BinarypStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=30d8aea3-4fdf-424c-9603-72b663f1923f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d01aaaac-71eb-4dbd-9e94-2e50e31a89bc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**X}V/+{% ]Ɋ& !XV/+{%} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a4b27e14-629f-4f76-be90-c99e59765b06 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=615X**p~V/+{% ]Ɋ& !XV/+{%~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a4b27e14-629f-4f76-be90-c99e59765b06 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=linp**hV/+{% ]Ɋ& !XV/+{% F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a4b27e14-629f-4f76-be90-c99e59765b06 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**`V/+{% ]Ɋ& !XV/+{% F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a4b27e14-629f-4f76-be90-c99e59765b06 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`V/+{% ]Ɋ& !XV/+{% F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a4b27e14-629f-4f76-be90-c99e59765b06 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**hV/+{% ]Ɋ& !XV/+{% F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a4b27e14-629f-4f76-be90-c99e59765b06 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= h**V/+{% ]Ɋ&  !V/+{% F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a4b27e14-629f-4f76-be90-c99e59765b06 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ed3e3581-eda5-4aea-8d45-c90c9738bc81 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&**V/+{% ]Ɋ& !V/+{% F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a4b27e14-629f-4f76-be90-c99e59765b06 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ed3e3581-eda5-4aea-8d45-c90c9738bc81 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8V/+{% ]Ɋ& !XV/+{% F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2cebde9c-2c1f-48be-aaac-02151a2eb8c4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma8**PV/+{% ]Ɋ& !XV/+{% F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2cebde9c-2c1f-48be-aaac-02151a2eb8c4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmP**PV/+{% ]Ɋ& !XV/+{% F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2cebde9c-2c1f-48be-aaac-02151a2eb8c4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ComP**HV/+{% ]Ɋ& !XV/+{% F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2cebde9c-2c1f-48be-aaac-02151a2eb8c4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= H**HV/+{% ]Ɋ& !XV/+{% F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2cebde9c-2c1f-48be-aaac-02151a2eb8c4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoH**HV/+{% ]Ɋ& !XV/+{% F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2cebde9c-2c1f-48be-aaac-02151a2eb8c4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmaH**+{% ]Ɋ& !+{% F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2cebde9c-2c1f-48be-aaac-02151a2eb8c4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=070d34a5-1e6a-4d64-874b-6f072bc8ebdb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Sc**+{% ]Ɋ& !+{% F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2cebde9c-2c1f-48be-aaac-02151a2eb8c4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=070d34a5-1e6a-4d64-874b-6f072bc8ebdb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=y**X+{% ]Ɋ& !X+{% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=041d245f-51bb-4e62-b13d-7db8e7198a63 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-d90X**p+{% ]Ɋ& !X+{% F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=041d245f-51bb-4e62-b13d-7db8e7198a63 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tCulp**h+{% ]Ɋ& !X+{% F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=041d245f-51bb-4e62-b13d-7db8e7198a63 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=;eh**`+{% ]Ɋ& !X+{% F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=041d245f-51bb-4e62-b13d-7db8e7198a63 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e-`**`+{% ]Ɋ& !X+{% F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=041d245f-51bb-4e62-b13d-7db8e7198a63 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP`**`+{% ]Ɋ& !X+{% F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=041d245f-51bb-4e62-b13d-7db8e7198a63 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**+{% ]Ɋ& !+{% F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=041d245f-51bb-4e62-b13d-7db8e7198a63 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=57d4972a-87e4-4c10-9315-6e2c278bb67a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**+{% ]Ɋ& !+{% F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=041d245f-51bb-4e62-b13d-7db8e7198a63 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=57d4972a-87e4-4c10-9315-6e2c278bb67a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **(+{% ]Ɋ& !X+{% F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5cc653df-75f3-44a1-b9e8-29ef581bac92 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=R(**@+{% ]Ɋ& !X+{% F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5cc653df-75f3-44a1-b9e8-29ef581bac92 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e@**@+{% ]Ɋ& !X+{% F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5cc653df-75f3-44a1-b9e8-29ef581bac92 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n, @**8+{% ]Ɋ& !X+{% F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5cc653df-75f3-44a1-b9e8-29ef581bac92 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=TWA8**8+{% ]Ɋ& !X+{% F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5cc653df-75f3-44a1-b9e8-29ef581bac92 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er=8**8+{% ]Ɋ& !X+{% F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5cc653df-75f3-44a1-b9e8-29ef581bac92 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**+{% ]Ɋ& !+{% F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5cc653df-75f3-44a1-b9e8-29ef581bac92 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=5420aca0-972e-4605-a6ae-d2e472756e82 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **`,{% ]Ɋ& !`,{% F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5cc653df-75f3-44a1-b9e8-29ef581bac92 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=5420aca0-972e-4605-a6ae-d2e472756e82 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ture**XG*.{% ]Ɋ& !XG*.{% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cc358cfd-12ed-40e8-b252-593494e347d3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=GX**pG*.{% ]Ɋ& !XG*.{% F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cc358cfd-12ed-40e8-b252-593494e347d3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cp**pG*.{% ]Ɋ& !XG*.{% F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cc358cfd-12ed-40e8-b252-593494e347d3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, p**hG*.{% ]Ɋ& !XG*.{% F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cc358cfd-12ed-40e8-b252-593494e347d3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=en-h**hG*.{% ]Ɋ& !XG*.{% F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cc358cfd-12ed-40e8-b252-593494e347d3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Deh**hG*.{% ]Ɋ& !XG*.{% F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cc358cfd-12ed-40e8-b252-593494e347d3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=amh**G*.{% ]Ɋ&  !G*.{% F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cc358cfd-12ed-40e8-b252-593494e347d3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=21cac9ab-9052-4288-ac58-c941d4bcdfe6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**.{% ]Ɋ& !.{% F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cc358cfd-12ed-40e8-b252-593494e347d3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=21cac9ab-9052-4288-ac58-c941d4bcdfe6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tate**.{% ]Ɋ& '!X.{% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1b9859d9-f3ae-4fb4-a81f-bbb8a424b10d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**.{% ]Ɋ& ?!X.{% F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1b9859d9-f3ae-4fb4-a81f-bbb8a424b10d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**.{% ]Ɋ& ;!X.{% F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1b9859d9-f3ae-4fb4-a81f-bbb8a424b10d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**.{% ]Ɋ& 3!X.{% F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1b9859d9-f3ae-4fb4-a81f-bbb8a424b10d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Pro**.{% ]Ɋ& 3!X.{% F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1b9859d9-f3ae-4fb4-a81f-bbb8a424b10d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=%**.{% ]Ɋ& 5!X.{% F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1b9859d9-f3ae-4fb4-a81f-bbb8a424b10d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l **0.{% ]Ɋ& !.{% F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1b9859d9-f3ae-4fb4-a81f-bbb8a424b10d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=fcb43e8c-7c19-4159-9cfb-31f811870178 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=va0able Previ ]Ɋ& os /{% F&on=4.0 HostId=30d8aea3-4fdf-424c-9603-72b663f1923f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d01aaaac-71eb-4dbd-9e94-2e50e31a89bc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 X B#ElfChnk^J Mu=VysMc&&**@ /{% ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !! /{% F&F%g>9{p(xlMD EventDatauoData !BinarynStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1b9859d9-f3ae-4fb4-a81f-bbb8a424b10d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=fcb43e8c-7c19-4159-9cfb-31f811870178 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-@ ** ;& ]Ɋ& )!X ;& F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4f652ef6-47d4-49fd-b61b-445a77d83c20 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=3 ** ;& ]Ɋ& A!X ;& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4f652ef6-47d4-49fd-b61b-445a77d83c20 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erNa** ;& ]Ɋ& =!X ;& F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4f652ef6-47d4-49fd-b61b-445a77d83c20 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** ;& ]Ɋ& 5!X ;& F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4f652ef6-47d4-49fd-b61b-445a77d83c20 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ** ;& ]Ɋ& 5!X ;& F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4f652ef6-47d4-49fd-b61b-445a77d83c20 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=** ;& ]Ɋ& 7!X ;& F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4f652ef6-47d4-49fd-b61b-445a77d83c20 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **0 ;& ]Ɋ& ! ;& F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4f652ef6-47d4-49fd-b61b-445a77d83c20 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=442ad7ce-ed94-4046-ad33-f34bc0f901f7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d0**@Q;& ]Ɋ& !Q;& F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4f652ef6-47d4-49fd-b61b-445a77d83c20 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=442ad7ce-ed94-4046-ad33-f34bc0f901f7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ot/@**XQ;& ]Ɋ& !XQ;& F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a18a3d8e-bcbc-4dc8-b071-e45606943fdb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=werX**pQ;& ]Ɋ& !XQ;& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a18a3d8e-bcbc-4dc8-b071-e45606943fdb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompp**hQ;& ]Ɋ& !XQ;& F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a18a3d8e-bcbc-4dc8-b071-e45606943fdb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fh**`Q;& ]Ɋ& !XQ;& F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a18a3d8e-bcbc-4dc8-b071-e45606943fdb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=E`**`Q;& ]Ɋ& !XQ;& F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a18a3d8e-bcbc-4dc8-b071-e45606943fdb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i`**hQ;& ]Ɋ& !XQ;& F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a18a3d8e-bcbc-4dc8-b071-e45606943fdb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ureLh**Q;& ]Ɋ&  !Q;& F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a18a3d8e-bcbc-4dc8-b071-e45606943fdb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8903158e-0800-4322-a906-7a60553919cb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=535 **Q;& ]Ɋ& !Q;& F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a18a3d8e-bcbc-4dc8-b071-e45606943fdb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8903158e-0800-4322-a906-7a60553919cb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io**8Z;& ]Ɋ& !XZ;& F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ba51f13e-c299-4dab-afd8-d56759a9cd27 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yp8**PZ;& ]Ɋ& !XZ;& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ba51f13e-c299-4dab-afd8-d56759a9cd27 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNP**PZ;& ]Ɋ& !XZ;& F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ba51f13e-c299-4dab-afd8-d56759a9cd27 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=EncrP**HZ;& ]Ɋ& !XZ;& F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ba51f13e-c299-4dab-afd8-d56759a9cd27 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rosoH**HZ;& ]Ɋ& !XZ;& F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ba51f13e-c299-4dab-afd8-d56759a9cd27 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=secuH**HZ;& ]Ɋ& !XZ;& F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ba51f13e-c299-4dab-afd8-d56759a9cd27 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RoH**Z;& ]Ɋ& !Z;& F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ba51f13e-c299-4dab-afd8-d56759a9cd27 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2f8e0cee-eb7b-46cf-84fa-8e46e53b04a8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oft**Z;& ]Ɋ& !Z;& F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ba51f13e-c299-4dab-afd8-d56759a9cd27 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2f8e0cee-eb7b-46cf-84fa-8e46e53b04a8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**XZ;& ]Ɋ& !XZ;& F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=08ea592c-9f20-404f-b3b6-cc8e86087fd2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l SeX**pZ;& ]Ɋ& !XZ;& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=08ea592c-9f20-404f-b3b6-cc8e86087fd2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Conp**hZ;& ]Ɋ& !XZ;& F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=08ea592c-9f20-404f-b3b6-cc8e86087fd2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fih**`Z;& ]Ɋ& !XZ;& F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=08ea592c-9f20-404f-b3b6-cc8e86087fd2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nd`**`Z;& ]Ɋ& !XZ;& F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=08ea592c-9f20-404f-b3b6-cc8e86087fd2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng`**`Z;& ]Ɋ& !XZ;& F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=08ea592c-9f20-404f-b3b6-cc8e86087fd2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b`**Z;& ]Ɋ& !Z;& F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=08ea592c-9f20-404f-b3b6-cc8e86087fd2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9f365275-6a95-49e7-924d-54b217d40b6a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=T**;& ]Ɋ& !;& F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=08ea592c-9f20-404f-b3b6-cc8e86087fd2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9f365275-6a95-49e7-924d-54b217d40b6a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Cu**(;& ]Ɋ& !X;& F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f2f70d0e-6d7a-4d5e-ae04-07f13cb4dead HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1(**@;& ]Ɋ& !X;& F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f2f70d0e-6d7a-4d5e-ae04-07f13cb4dead HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4@**@;& ]Ɋ& !X;& F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f2f70d0e-6d7a-4d5e-ae04-07f13cb4dead HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**8;& ]Ɋ& !X;& F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f2f70d0e-6d7a-4d5e-ae04-07f13cb4dead HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**8;& ]Ɋ& !X;& F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f2f70d0e-6d7a-4d5e-ae04-07f13cb4dead HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, 8**8;& ]Ɋ& !X;& F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f2f70d0e-6d7a-4d5e-ae04-07f13cb4dead HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ur8**;& ]Ɋ& !;& F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f2f70d0e-6d7a-4d5e-ae04-07f13cb4dead HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=da2ce565-4508-4399-bbb2-86199e8d7272 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= g**;& ]Ɋ& !;& F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f2f70d0e-6d7a-4d5e-ae04-07f13cb4dead HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=da2ce565-4508-4399-bbb2-86199e8d7272 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVe**XK;& ]Ɋ& !XK;& F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=53c5ef3a-f5a2-490f-b2c5-a45b80030313 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**pK;& ]Ɋ& !XK;& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=53c5ef3a-f5a2-490f-b2c5-a45b80030313 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**pK;& ]Ɋ& !XK;& F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=53c5ef3a-f5a2-490f-b2c5-a45b80030313 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=as p**hK;& ]Ɋ& !XK;& F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=53c5ef3a-f5a2-490f-b2c5-a45b80030313 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Conh**hK;& ]Ɋ& !XK;& F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=53c5ef3a-f5a2-490f-b2c5-a45b80030313 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8a4h**hK;& ]Ɋ& !XK;& F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=53c5ef3a-f5a2-490f-b2c5-a45b80030313 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Ch**K;& ]Ɋ&  !K;& F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=53c5ef3a-f5a2-490f-b2c5-a45b80030313 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e8a099de-fc61-4243-a160-4770a75d74b4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=im**};& ]Ɋ& !};& F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=53c5ef3a-f5a2-490f-b2c5-a45b80030313 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e8a099de-fc61-4243-a160-4770a75d74b4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S'))**x;& ]Ɋ& '!Xx;& F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8996a3cb-5bd8-4261-bb60-fbda3edcaff7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(n-US')))}} | ]Ɋ& dOXx;& F&=4.0 RunspaceId=fcb43e8c-7c19-4159-9cfb-31f811870178 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=va0able Previ ]Ɋ& os /{% F&on=4.0 HostId=30d8aea3-4fdf-424c-9603-72b663f1923f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d01aaaac-71eb-4dbd-9e94-2e50e31a89bc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 X B#ElfChnk0+GMu=VysMc&&** x;& ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !Xx;& F&F%g>9{p(xlMD EventDatauoData !BinaryEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8996a3cb-5bd8-4261-bb60-fbda3edcaff7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pt **x;& ]Ɋ& ;!Xx;& F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8996a3cb-5bd8-4261-bb60-fbda3edcaff7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stV**x;& ]Ɋ& 3!Xx;& F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8996a3cb-5bd8-4261-bb60-fbda3edcaff7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mma**x;& ]Ɋ& 3!Xx;& F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8996a3cb-5bd8-4261-bb60-fbda3edcaff7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.0**x;& ]Ɋ& 5!Xx;& F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8996a3cb-5bd8-4261-bb60-fbda3edcaff7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma**0x;& ]Ɋ& !x;& F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8996a3cb-5bd8-4261-bb60-fbda3edcaff7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=8b03339c-3551-4c95-b23e-a4d09e6a2378 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI0**@;& ]Ɋ& !;& F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8996a3cb-5bd8-4261-bb60-fbda3edcaff7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=8b03339c-3551-4c95-b23e-a4d09e6a2378 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand@**?"( ]Ɋ& )!X?"( F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=aaa8bf3f-f59b-4bdb-9c8f-376efb98963e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**?"( ]Ɋ& A!X?"( F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=aaa8bf3f-f59b-4bdb-9c8f-376efb98963e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ntiv**?"( ]Ɋ& =!X?"( F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=aaa8bf3f-f59b-4bdb-9c8f-376efb98963e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-**?"( ]Ɋ& 5!X?"( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=aaa8bf3f-f59b-4bdb-9c8f-376efb98963e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3d**?"( ]Ɋ& 5!X?"( F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=aaa8bf3f-f59b-4bdb-9c8f-376efb98963e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um**?"( ]Ɋ& 7!X?"( F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=aaa8bf3f-f59b-4bdb-9c8f-376efb98963e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0?"( ]Ɋ& !?"( F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=aaa8bf3f-f59b-4bdb-9c8f-376efb98963e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9f656e56-9672-4996-b61d-c20afff3b116 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@պ( ]Ɋ& !պ( F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=aaa8bf3f-f59b-4bdb-9c8f-376efb98963e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9f656e56-9672-4996-b61d-c20afff3b116 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= @**XlS( ]Ɋ& !XlS( F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e61ca19f-da58-492c-8bb8-7f68643d4c12 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==X**plS( ]Ɋ& !XlS( F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e61ca19f-da58-492c-8bb8-7f68643d4c12 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Zp**hlS( ]Ɋ& !XlS( F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e61ca19f-da58-492c-8bb8-7f68643d4c12 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`lS( ]Ɋ& !XlS( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e61ca19f-da58-492c-8bb8-7f68643d4c12 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`lS( ]Ɋ& !XlS( F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e61ca19f-da58-492c-8bb8-7f68643d4c12 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hlS( ]Ɋ& !XlS( F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e61ca19f-da58-492c-8bb8-7f68643d4c12 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!h**lS( ]Ɋ&  !lS( F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e61ca19f-da58-492c-8bb8-7f68643d4c12 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e9e28105-e13f-43f9-b3d1-8e9759134a8f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**lS( ]Ɋ& !lS( F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e61ca19f-da58-492c-8bb8-7f68643d4c12 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e9e28105-e13f-43f9-b3d1-8e9759134a8f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8lS( ]Ɋ& !XlS( F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b77bc008-040e-4698-995f-45cc6c5b1d97 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**PlS( ]Ɋ& !XlS( F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b77bc008-040e-4698-995f-45cc6c5b1d97 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**PlS( ]Ɋ& !XlS( F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b77bc008-040e-4698-995f-45cc6c5b1d97 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**HlS( ]Ɋ& !XlS( F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b77bc008-040e-4698-995f-45cc6c5b1d97 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HlS( ]Ɋ& !XlS( F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b77bc008-040e-4698-995f-45cc6c5b1d97 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HlS( ]Ɋ& !XlS( F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b77bc008-040e-4698-995f-45cc6c5b1d97 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**lS( ]Ɋ& !lS( F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b77bc008-040e-4698-995f-45cc6c5b1d97 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=49d4329f-2d98-4a61-afe5-c7cdb59fbe9e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=****쩟( ]Ɋ& !쩟( F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b77bc008-040e-4698-995f-45cc6c5b1d97 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=49d4329f-2d98-4a61-afe5-c7cdb59fbe9e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**X쩟( ]Ɋ& !X쩟( F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4ee2f2d9-9ecb-4be6-9ddb-1394eea007ed HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nginX**p쩟( ]Ɋ& !X쩟( F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4ee2f2d9-9ecb-4be6-9ddb-1394eea007ed HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izatp**h쩟( ]Ɋ& !X쩟( F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4ee2f2d9-9ecb-4be6-9ddb-1394eea007ed HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leh**`쩟( ]Ɋ& !X쩟( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4ee2f2d9-9ecb-4be6-9ddb-1394eea007ed HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H`**`쩟( ]Ɋ& !X쩟( F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4ee2f2d9-9ecb-4be6-9ddb-1394eea007ed HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er`**`쩟( ]Ɋ& !X쩟( F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4ee2f2d9-9ecb-4be6-9ddb-1394eea007ed HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**쩟( ]Ɋ& !쩟( F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4ee2f2d9-9ecb-4be6-9ddb-1394eea007ed HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=df87c240-6459-4f52-a934-78ce826fd91a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**쩟( ]Ɋ& !쩟( F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4ee2f2d9-9ecb-4be6-9ddb-1394eea007ed HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=df87c240-6459-4f52-a934-78ce826fd91a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ver**(쩟( ]Ɋ& !X쩟( F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cd69569a-5bf5-4afb-994f-e58dbf32fcf9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(**@쩟( ]Ɋ& !X쩟( F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cd69569a-5bf5-4afb-994f-e58dbf32fcf9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l@**@쩟( ]Ɋ& !X쩟( F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cd69569a-5bf5-4afb-994f-e58dbf32fcf9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= en@**8쩟( ]Ɋ& !X쩟( F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cd69569a-5bf5-4afb-994f-e58dbf32fcf9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ted8**8 쩟( ]Ɋ& !X쩟(  F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cd69569a-5bf5-4afb-994f-e58dbf32fcf9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=K8**8 쩟( ]Ɋ& !X쩟(  F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cd69569a-5bf5-4afb-994f-e58dbf32fcf9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in8** ( ]Ɋ& !(  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cd69569a-5bf5-4afb-994f-e58dbf32fcf9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=a55db17f-55c1-468f-acdf-24383d3eb4e5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='i** /( ]Ɋ& !/(  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cd69569a-5bf5-4afb-994f-e58dbf32fcf9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=a55db17f-55c1-468f-acdf-24383d3eb4e5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= | f**X 欟( ]Ɋ& !X欟(  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3421fe25-ae0d-4c9a-bc30-eeca15159a54 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**p欟( ]Ɋ& !X欟( F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3421fe25-ae0d-4c9a-bc30-eeca15159a54 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=op**p欟( ]Ɋ& !X欟( F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3421fe25-ae0d-4c9a-bc30-eeca15159a54 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e,Dp**h欟( ]Ɋ& !X欟( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3421fe25-ae0d-4c9a-bc30-eeca15159a54 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nabhd | Out-Stri ]Ɋ& d=X欟( F&31a89bc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 X B#ElfChnkCCyo?Mu=VysMc&&**h 欟( ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! K!X欟( F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3421fe25-ae0d-4c9a-bc30-eeca15159a54 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h **h欟( ]Ɋ& !X欟( F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3421fe25-ae0d-4c9a-bc30-eeca15159a54 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh**( ]Ɋ&  !( F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3421fe25-ae0d-4c9a-bc30-eeca15159a54 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=11c65285-957c-482d-b822-eb63faf9eec0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**( ]Ɋ& !( F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3421fe25-ae0d-4c9a-bc30-eeca15159a54 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=11c65285-957c-482d-b822-eb63faf9eec0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name** ( ]Ɋ& '!X ( F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bd5a488b-0bfe-4f3c-a84d-ce5f6846f965 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m** ( ]Ɋ& ?!X ( F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bd5a488b-0bfe-4f3c-a84d-ce5f6846f965 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=w** ( ]Ɋ& ;!X ( F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bd5a488b-0bfe-4f3c-a84d-ce5f6846f965 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=76e** ( ]Ɋ& 3!X ( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bd5a488b-0bfe-4f3c-a84d-ce5f6846f965 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** ( ]Ɋ& 3!X ( F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bd5a488b-0bfe-4f3c-a84d-ce5f6846f965 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=efb** ( ]Ɋ& 5!X ( F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bd5a488b-0bfe-4f3c-a84d-ce5f6846f965 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0 ( ]Ɋ& ! ( F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bd5a488b-0bfe-4f3c-a84d-ce5f6846f965 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=1aa98866-35f4-4f75-9d0b-eea50bfac72d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ro0**@( ]Ɋ& !( F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bd5a488b-0bfe-4f3c-a84d-ce5f6846f965 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=1aa98866-35f4-4f75-9d0b-eea50bfac72d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**an{+ ]Ɋ& )!Xan{+ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=58f2db88-5205-43af-8981-7081c040572d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= **an{+ ]Ɋ& A!Xan{+ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=58f2db88-5205-43af-8981-7081c040572d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=line**an{+ ]Ɋ& =!Xan{+ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=58f2db88-5205-43af-8981-7081c040572d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= |** an{+ ]Ɋ& 5!Xan{+  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=58f2db88-5205-43af-8981-7081c040572d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt**!an{+ ]Ɋ& 5!Xan{+! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=58f2db88-5205-43af-8981-7081c040572d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**"an{+ ]Ɋ& 7!Xan{+" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=58f2db88-5205-43af-8981-7081c040572d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0#an{+ ]Ɋ& !an{+# F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=58f2db88-5205-43af-8981-7081c040572d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2e17e4f7-2cba-4354-a28d-b4e7bdf1b52d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@$|+ ]Ɋ& !|+$ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=58f2db88-5205-43af-8981-7081c040572d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2e17e4f7-2cba-4354-a28d-b4e7bdf1b52d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te=@**X%|+ ]Ɋ& !X|+% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d105e805-b2d3-4113-88a2-36abee44d345 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p&|+ ]Ɋ& !X|+& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d105e805-b2d3-4113-88a2-36abee44d345 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=menp**h'|+ ]Ɋ& !X|+' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d105e805-b2d3-4113-88a2-36abee44d345 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rh**`(|+ ]Ɋ& !X|+( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d105e805-b2d3-4113-88a2-36abee44d345 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e`**`)|+ ]Ɋ& !X|+) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d105e805-b2d3-4113-88a2-36abee44d345 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**h*|+ ]Ɋ& !X|+* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d105e805-b2d3-4113-88a2-36abee44d345 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateh**+|+ ]Ɋ&  !|++ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d105e805-b2d3-4113-88a2-36abee44d345 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a3030331-efee-4a30-8a20-284906d234f7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**,|+ ]Ɋ& !|+, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d105e805-b2d3-4113-88a2-36abee44d345 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a3030331-efee-4a30-8a20-284906d234f7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**8-|+ ]Ɋ& !X|+- F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e21d165e-56d5-41eb-bf59-67de1889d195 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 8**P.|+ ]Ɋ& !X|+. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e21d165e-56d5-41eb-bf59-67de1889d195 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SP**P/|+ ]Ɋ& !X|+/ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e21d165e-56d5-41eb-bf59-67de1889d195 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateP**H0|+ ]Ɋ& !X|+0 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e21d165e-56d5-41eb-bf59-67de1889d195 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPH**H1|+ ]Ɋ& !X|+1 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e21d165e-56d5-41eb-bf59-67de1889d195 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==RegH**H2|+ ]Ɋ& !X|+2 F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e21d165e-56d5-41eb-bf59-67de1889d195 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovH**3|+ ]Ɋ& !|+3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e21d165e-56d5-41eb-bf59-67de1889d195 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=971c4ebe-d2a1-4292-a036-337823b1ac8d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iou**4%8}+ ]Ɋ& !%8}+4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e21d165e-56d5-41eb-bf59-67de1889d195 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=971c4ebe-d2a1-4292-a036-337823b1ac8d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **X5%8}+ ]Ɋ& !X%8}+5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=344c4d75-a7dd-4658-98e3-78a3636a0905 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FX**p6%8}+ ]Ɋ& !X%8}+6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=344c4d75-a7dd-4658-98e3-78a3636a0905 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ne=p**h7%8}+ ]Ɋ& !X%8}+7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=344c4d75-a7dd-4658-98e3-78a3636a0905 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh**`8%8}+ ]Ɋ& !X%8}+8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=344c4d75-a7dd-4658-98e3-78a3636a0905 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iz`**`9%8}+ ]Ɋ& !X%8}+9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=344c4d75-a7dd-4658-98e3-78a3636a0905 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| `**`:%8}+ ]Ɋ& !X%8}+: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=344c4d75-a7dd-4658-98e3-78a3636a0905 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0`**;%8}+ ]Ɋ& !%8}+; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=344c4d75-a7dd-4658-98e3-78a3636a0905 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c8712049-9c33-41b2-b759-3a747b2bbeaf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**<%8}+ ]Ɋ& !%8}+< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=344c4d75-a7dd-4658-98e3-78a3636a0905 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c8712049-9c33-41b2-b759-3a747b2bbeaf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**(=%8}+ ]Ɋ& !X%8}+= F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=71627e18-888d-4d80-a673-b94324d08f34 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@>%8}+ ]Ɋ& !X%8}+> F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=71627e18-888d-4d80-a673-b94324d08f34 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@?%8}+ ]Ɋ& !X%8}+? F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=71627e18-888d-4d80-a673-b94324d08f34 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wid@**8@%8}+ ]Ɋ& !X%8}+@ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=71627e18-888d-4d80-a673-b94324d08f34 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[Da8**8A%8}+ ]Ɋ& !X%8}+A F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=71627e18-888d-4d80-a673-b94324d08f34 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\Un8**8B%8}+ ]Ɋ& !X%8}+B F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=71627e18-888d-4d80-a673-b94324d08f34 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on8**C%8}+ ]Ɋ& !%8}+C F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=71627e18-888d-4d80-a673-b94324d08f34 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=119565d4-dd07-4508-82db-38aa3f3a7120 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id CommandNam ]Ɋ&  }+D F& B#ElfChnkDuDup>=xMu=VysMc&&** D}+ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! y!}+D F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=71627e18-888d-4d80-a673-b94324d08f34 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=119565d4-dd07-4508-82db-38aa3f3a7120 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **XE+ ]Ɋ& !X+E F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=060da1bf-4954-415c-8f7e-e1bdf68ff981 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sX**pF+ ]Ɋ& !X+F F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=060da1bf-4954-415c-8f7e-e1bdf68ff981 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=np**pG+ ]Ɋ& !X+G F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=060da1bf-4954-415c-8f7e-e1bdf68ff981 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izep**hH+ ]Ɋ& !X+H F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=060da1bf-4954-415c-8f7e-e1bdf68ff981 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ginh**hI+ ]Ɋ& !X+I F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=060da1bf-4954-415c-8f7e-e1bdf68ff981 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dTyh**hJ+ ]Ɋ& !X+J F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=060da1bf-4954-415c-8f7e-e1bdf68ff981 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**K+ ]Ɋ&  !+K F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=060da1bf-4954-415c-8f7e-e1bdf68ff981 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c777b7d1-615e-4f42-be7c-52281cb089cb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ov**L3+ ]Ɋ& !3+L F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=060da1bf-4954-415c-8f7e-e1bdf68ff981 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c777b7d1-615e-4f42-be7c-52281cb089cb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**M3+ ]Ɋ& '!X3+M F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=93b6e7ef-7020-4222-a46e-d48cf5a80e5a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4**N3+ ]Ɋ& ?!X3+N F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=93b6e7ef-7020-4222-a46e-d48cf5a80e5a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1**O3+ ]Ɋ& ;!X3+O F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=93b6e7ef-7020-4222-a46e-d48cf5a80e5a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sta**P3+ ]Ɋ& 3!X3+P F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=93b6e7ef-7020-4222-a46e-d48cf5a80e5a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id=**Q3+ ]Ɋ& 3!X3+Q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=93b6e7ef-7020-4222-a46e-d48cf5a80e5a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ate**R3+ ]Ɋ& 5!X3+R F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=93b6e7ef-7020-4222-a46e-d48cf5a80e5a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in**0S3+ ]Ɋ& !3+S F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=93b6e7ef-7020-4222-a46e-d48cf5a80e5a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e56f8dfb-d742-444a-a04b-3365ee7ce9ac PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=st0**@TBd+ ]Ɋ& !Bd+T F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=93b6e7ef-7020-4222-a46e-d48cf5a80e5a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e56f8dfb-d742-444a-a04b-3365ee7ce9ac PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNam@**U}, ]Ɋ& )!X},U F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c24a9c66-37a1-4c68-b709-e23cb33a110e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**V}, ]Ɋ& A!X},V F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c24a9c66-37a1-4c68-b709-e23cb33a110e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ant**W}, ]Ɋ& =!X},W F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c24a9c66-37a1-4c68-b709-e23cb33a110e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**X}, ]Ɋ& 5!X},X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c24a9c66-37a1-4c68-b709-e23cb33a110e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI**Y}, ]Ɋ& 5!X},Y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c24a9c66-37a1-4c68-b709-e23cb33a110e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eq**Z}, ]Ɋ& 7!X},Z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c24a9c66-37a1-4c68-b709-e23cb33a110e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**0[}, ]Ɋ& !},[ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c24a9c66-37a1-4c68-b709-e23cb33a110e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f435f5f2-393c-4186-9eb3-105f466112aa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@\2}, ]Ɋ& !2},\ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c24a9c66-37a1-4c68-b709-e23cb33a110e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f435f5f2-393c-4186-9eb3-105f466112aa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&@**X]2}, ]Ɋ& !X2},] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=acb1f9f2-e1ce-4ed6-8532-88a7ef6a632c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CX**p^2}, ]Ɋ& !X2},^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=acb1f9f2-e1ce-4ed6-8532-88a7ef6a632c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==p**h_2}, ]Ɋ& !X2},_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=acb1f9f2-e1ce-4ed6-8532-88a7ef6a632c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**``2}, ]Ɋ& !X2},` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=acb1f9f2-e1ce-4ed6-8532-88a7ef6a632c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`a2}, ]Ɋ& !X2},a F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=acb1f9f2-e1ce-4ed6-8532-88a7ef6a632c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hb2}, ]Ɋ& !X2},b F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=acb1f9f2-e1ce-4ed6-8532-88a7ef6a632c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**c2}, ]Ɋ&  !2},c F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=acb1f9f2-e1ce-4ed6-8532-88a7ef6a632c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9dfb0f2d-d643-4769-b6af-636feef42fbb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**d2}, ]Ɋ& !2},d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=acb1f9f2-e1ce-4ed6-8532-88a7ef6a632c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9dfb0f2d-d643-4769-b6af-636feef42fbb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ew**8e2}, ]Ɋ& !X2},e F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1f1577c9-566b-4c4a-8de9-a2d6ce4f2620 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**Pf2}, ]Ɋ& !X2},f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1f1577c9-566b-4c4a-8de9-a2d6ce4f2620 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Pg2}, ]Ɋ& !X2},g F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1f1577c9-566b-4c4a-8de9-a2d6ce4f2620 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Hh2}, ]Ɋ& !X2},h F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1f1577c9-566b-4c4a-8de9-a2d6ce4f2620 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Hi2}, ]Ɋ& !X2},i F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1f1577c9-566b-4c4a-8de9-a2d6ce4f2620 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&H**Hj2}, ]Ɋ& !X2},j F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1f1577c9-566b-4c4a-8de9-a2d6ce4f2620 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=:H**k2}, ]Ɋ& !2},k F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1f1577c9-566b-4c4a-8de9-a2d6ce4f2620 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=03c49131-45f7-4621-96b7-10621a1bc5d1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**lW}, ]Ɋ& !W},l F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1f1577c9-566b-4c4a-8de9-a2d6ce4f2620 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=03c49131-45f7-4621-96b7-10621a1bc5d1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**XmW}, ]Ɋ& !XW},m F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ebdee24b-a8f3-460b-9dfb-49ef47309e28 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dPatX**pnW}, ]Ɋ& !XW},n F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ebdee24b-a8f3-460b-9dfb-49ef47309e28 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nginp**hoW}, ]Ɋ& !XW},o F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ebdee24b-a8f3-460b-9dfb-49ef47309e28 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=alh**`pW}, ]Ɋ& !XW},p F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ebdee24b-a8f3-460b-9dfb-49ef47309e28 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fi`**`qW}, ]Ɋ& !XW},q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ebdee24b-a8f3-460b-9dfb-49ef47309e28 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on`**`rW}, ]Ɋ& !XW},r F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ebdee24b-a8f3-460b-9dfb-49ef47309e28 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**sW}, ]Ɋ& !W},s F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ebdee24b-a8f3-460b-9dfb-49ef47309e28 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9eb9661a-f0e2-4b27-8497-664da698e987 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**tW}, ]Ɋ& !W},t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ebdee24b-a8f3-460b-9dfb-49ef47309e28 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9eb9661a-f0e2-4b27-8497-664da698e987 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=man**(uW}, ]Ɋ& !XW},u F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=094b9a11-73cc-4fa4-9a60-3eae4087a0cd HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(andType= S ]Ɋ&  XW},v F&  }+D F& B#ElfChnkvv02X6Mu=VysMc&&**H vW}, ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! '!XW},v F&F%g>9{p(xlMD EventDatauoData !BinarytEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=094b9a11-73cc-4fa4-9a60-3eae4087a0cd HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptH **@wW}, ]Ɋ& !XW},w F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=094b9a11-73cc-4fa4-9a60-3eae4087a0cd HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eIn@**8xW}, ]Ɋ& !XW},x F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=094b9a11-73cc-4fa4-9a60-3eae4087a0cd HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=isp8**8yW}, ]Ɋ& !XW},y F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=094b9a11-73cc-4fa4-9a60-3eae4087a0cd HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HK8**8zW}, ]Ɋ& !XW},z F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=094b9a11-73cc-4fa4-9a60-3eae4087a0cd HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nc8**{W}, ]Ɋ& !W},{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=094b9a11-73cc-4fa4-9a60-3eae4087a0cd HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=33d40b81-cbe3-4dc3-bb0f-2d82660735f6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**|_}, ]Ɋ& !_},| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=094b9a11-73cc-4fa4-9a60-3eae4087a0cd HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=33d40b81-cbe3-4dc3-bb0f-2d82660735f6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNa**X}# }, ]Ɋ& !X# },} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=edd9f431-bf7b-4dd3-bd75-0bb21090f3c4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p~# }, ]Ɋ& !X# },~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=edd9f431-bf7b-4dd3-bd75-0bb21090f3c4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=np**p# }, ]Ɋ& !X# }, F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=edd9f431-bf7b-4dd3-bd75-0bb21090f3c4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=777p**h# }, ]Ɋ& !X# }, F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=edd9f431-bf7b-4dd3-bd75-0bb21090f3c4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dTyh**h# }, ]Ɋ& !X# }, F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=edd9f431-bf7b-4dd3-bd75-0bb21090f3c4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3h**h# }, ]Ɋ& !X# }, F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=edd9f431-bf7b-4dd3-bd75-0bb21090f3c4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**# }, ]Ɋ&  !# }, F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=edd9f431-bf7b-4dd3-bd75-0bb21090f3c4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a72e7bb8-8425-495d-94e0-04665a8c8f35 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=**R }, ]Ɋ& !R }, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=edd9f431-bf7b-4dd3-bd75-0bb21090f3c4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a72e7bb8-8425-495d-94e0-04665a8c8f35 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wers**P }, ]Ɋ& '!XP }, F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=26877bd1-fa1c-4019-b615-d666e8055fd9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**P }, ]Ɋ& ?!XP }, F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=26877bd1-fa1c-4019-b615-d666e8055fd9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7**P }, ]Ɋ& ;!XP }, F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=26877bd1-fa1c-4019-b615-d666e8055fd9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stV**P }, ]Ɋ& 3!XP }, F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=26877bd1-fa1c-4019-b615-d666e8055fd9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Com**P }, ]Ɋ& 3!XP }, F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=26877bd1-fa1c-4019-b615-d666e8055fd9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ver**P }, ]Ɋ& 5!XP }, F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=26877bd1-fa1c-4019-b615-d666e8055fd9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **0P }, ]Ɋ& !P }, F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=26877bd1-fa1c-4019-b615-d666e8055fd9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=6685c68d-57f1-49c0-a22f-b9ea2e9ff3e8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0e0**@ }, ]Ɋ& ! }, F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=26877bd1-fa1c-4019-b615-d666e8055fd9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=6685c68d-57f1-49c0-a22f-b9ea2e9ff3e8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==@**莌. ]Ɋ& )!X莌. F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b8fcb7b9-6bab-40e6-ab38-2aecbc0ab8db HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNam**莌. ]Ɋ& A!X莌. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b8fcb7b9-6bab-40e6-ab38-2aecbc0ab8db HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**莌. ]Ɋ& =!X莌. F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b8fcb7b9-6bab-40e6-ab38-2aecbc0ab8db HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= A**莌. ]Ɋ& 5!X莌. F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b8fcb7b9-6bab-40e6-ab38-2aecbc0ab8db HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**莌. ]Ɋ& 5!X莌. F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b8fcb7b9-6bab-40e6-ab38-2aecbc0ab8db HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI**莌. ]Ɋ& 7!X莌. F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b8fcb7b9-6bab-40e6-ab38-2aecbc0ab8db HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=q**0~'. ]Ɋ& !~'. F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b8fcb7b9-6bab-40e6-ab38-2aecbc0ab8db HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=468cc0d6-b9e3-4d8a-b551-e00e5ee73de2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@. ]Ɋ& !. F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b8fcb7b9-6bab-40e6-ab38-2aecbc0ab8db HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=468cc0d6-b9e3-4d8a-b551-e00e5ee73de2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**X. ]Ɋ& !X. F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c1ea1226-7e7a-4502-bf6d-e12f4860a816 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p. ]Ɋ& !X. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c1ea1226-7e7a-4502-bf6d-e12f4860a816 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h. ]Ɋ& !X. F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c1ea1226-7e7a-4502-bf6d-e12f4860a816 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2h**`. ]Ɋ& !X. F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c1ea1226-7e7a-4502-bf6d-e12f4860a816 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`. ]Ɋ& !X. F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c1ea1226-7e7a-4502-bf6d-e12f4860a816 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h. ]Ɋ& !X. F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c1ea1226-7e7a-4502-bf6d-e12f4860a816 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leSh**. ]Ɋ&  !. F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c1ea1226-7e7a-4502-bf6d-e12f4860a816 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=76708879-a553-47a8-a322-867982d2598b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Non**X. ]Ɋ& !X. F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c1ea1226-7e7a-4502-bf6d-e12f4860a816 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=76708879-a553-47a8-a322-867982d2598b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**8X. ]Ɋ& !XX. F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a06d4af3-28ff-4d14-ad65-9e4101a45caa HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s 8**PX. ]Ɋ& !XX. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a06d4af3-28ff-4d14-ad65-9e4101a45caa HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rNP**PX. ]Ɋ& !XX. F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a06d4af3-28ff-4d14-ad65-9e4101a45caa HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=StaP**HX. ]Ɋ& !XX. F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a06d4af3-28ff-4d14-ad65-9e4101a45caa HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HX. ]Ɋ& !XX. F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a06d4af3-28ff-4d14-ad65-9e4101a45caa HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HX. ]Ɋ& !XX. F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a06d4af3-28ff-4d14-ad65-9e4101a45caa HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**X. ]Ɋ& !X. F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a06d4af3-28ff-4d14-ad65-9e4101a45caa HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6abad381-c447-484c-896b-786ef6b756bb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**X. ]Ɋ& !X. F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a06d4af3-28ff-4d14-ad65-9e4101a45caa HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6abad381-c447-484c-896b-786ef6b756bb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**XX. ]Ɋ& !XX. F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3e3055d9-489c-4942-846d-e99011fa5973 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pX. ]Ɋ& !XX. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3e3055d9-489c-4942-846d-e99011fa5973 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndTyp= ScriptNa ]Ɋ& = XX. F&  XW},v F&  }+D F& B#ElfChnk(xKOcHMu=VysMc&&**pX. ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! M!XX. F&F%g>9{p(xlMD EventDatauoData !BinaryFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3e3055d9-489c-4942-846d-e99011fa5973 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=p**`X. ]Ɋ& !XX. F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3e3055d9-489c-4942-846d-e99011fa5973 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io`**`X. ]Ɋ& !XX. F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3e3055d9-489c-4942-846d-e99011fa5973 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=le`**`X. ]Ɋ& !XX. F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3e3055d9-489c-4942-846d-e99011fa5973 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H`**X. ]Ɋ& !X. F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3e3055d9-489c-4942-846d-e99011fa5973 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d8da8a3b-92fc-41d4-b4e9-076cd7b28b8f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**B. ]Ɋ& !B. F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3e3055d9-489c-4942-846d-e99011fa5973 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d8da8a3b-92fc-41d4-b4e9-076cd7b28b8f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ila**(B. ]Ɋ& !XB. F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7f1bcf50-419b-416f-9339-505875272468 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@B. ]Ɋ& !XB. F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7f1bcf50-419b-416f-9339-505875272468 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@B. ]Ɋ& !XB. F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7f1bcf50-419b-416f-9339-505875272468 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h 6@**8B. ]Ɋ& !XB. F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7f1bcf50-419b-416f-9339-505875272468 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eTi8**8B. ]Ɋ& !XB. F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7f1bcf50-419b-416f-9339-505875272468 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nst8**8B. ]Ɋ& !XB. F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7f1bcf50-419b-416f-9339-505875272468 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.08**B. ]Ɋ& !B. F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7f1bcf50-419b-416f-9339-505875272468 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=23f6645d-b647-42aa-9019-a2365efe7cf7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **؉. ]Ɋ& !؉. F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7f1bcf50-419b-416f-9339-505875272468 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=23f6645d-b647-42aa-9019-a2365efe7cf7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=# **XS. ]Ɋ& !XS. F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fd634fad-dfa7-45ed-a916-58250ccbe7b1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pS. ]Ɋ& !XS. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fd634fad-dfa7-45ed-a916-58250ccbe7b1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cp**pS. ]Ɋ& !XS. F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fd634fad-dfa7-45ed-a916-58250ccbe7b1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Comp**hS. ]Ɋ& !XS. F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fd634fad-dfa7-45ed-a916-58250ccbe7b1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ih**hS. ]Ɋ& !XS. F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fd634fad-dfa7-45ed-a916-58250ccbe7b1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!h**hS. ]Ɋ& !XS. F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fd634fad-dfa7-45ed-a916-58250ccbe7b1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=meh**S. ]Ɋ&  !S. F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fd634fad-dfa7-45ed-a916-58250ccbe7b1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2f9a2a2a-d811-410f-977a-467161c5db58 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI**2. ]Ɋ& !2. F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fd634fad-dfa7-45ed-a916-58250ccbe7b1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2f9a2a2a-d811-410f-977a-467161c5db58 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= . |**2. ]Ɋ& '!X2. F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cf05ca75-9723-44ea-91c4-6daac1913ee8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**2. ]Ɋ& ?!X2. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cf05ca75-9723-44ea-91c4-6daac1913ee8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**2. ]Ɋ& ;!X2. F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cf05ca75-9723-44ea-91c4-6daac1913ee8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c0a**2. ]Ɋ& 3!X2. F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cf05ca75-9723-44ea-91c4-6daac1913ee8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&**2. ]Ɋ& 3!X2. F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cf05ca75-9723-44ea-91c4-6daac1913ee8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ab8**2. ]Ɋ& 5!X2. F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cf05ca75-9723-44ea-91c4-6daac1913ee8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**02. ]Ɋ& !2. F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cf05ca75-9723-44ea-91c4-6daac1913ee8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=68b5f31e-7a7f-483f-90a9-30f8e14a481d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=le0**@_. ]Ɋ& !_. F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cf05ca75-9723-44ea-91c4-6daac1913ee8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=68b5f31e-7a7f-483f-90a9-30f8e14a481d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**XPD1 ]Ɋ& )!XXPD1 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c1079315-c128-4694-a30c-7598750ea55e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Com**XPD1 ]Ɋ& A!XXPD1 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c1079315-c128-4694-a30c-7598750ea55e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id= **XPD1 ]Ɋ& =!XXPD1 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c1079315-c128-4694-a30c-7598750ea55e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ut**XPD1 ]Ɋ& 5!XXPD1 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c1079315-c128-4694-a30c-7598750ea55e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2 **XPD1 ]Ɋ& 5!XXPD1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c1079315-c128-4694-a30c-7598750ea55e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ca**XPD1 ]Ɋ& 7!XXPD1 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c1079315-c128-4694-a30c-7598750ea55e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**0XPD1 ]Ɋ& !XPD1 F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c1079315-c128-4694-a30c-7598750ea55e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=84ffc331-f723-4ea7-8007-8c8fa45dda13 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t0**@%RD1 ]Ɋ& !%RD1 F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c1079315-c128-4694-a30c-7598750ea55e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=84ffc331-f723-4ea7-8007-8c8fa45dda13 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=top@**X%RD1 ]Ɋ& !X%RD1 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c5f0cc94-7a1c-4e60-a386-637aad8cf9c5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p%RD1 ]Ɋ& !X%RD1 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c5f0cc94-7a1c-4e60-a386-637aad8cf9c5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stp**h%RD1 ]Ɋ& !X%RD1 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c5f0cc94-7a1c-4e60-a386-637aad8cf9c5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dh**`%RD1 ]Ɋ& !X%RD1 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c5f0cc94-7a1c-4e60-a386-637aad8cf9c5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n`**`%RD1 ]Ɋ& !X%RD1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c5f0cc94-7a1c-4e60-a386-637aad8cf9c5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P`**h%RD1 ]Ɋ& !X%RD1 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c5f0cc94-7a1c-4e60-a386-637aad8cf9c5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Stah**%RD1 ]Ɋ&  !%RD1 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c5f0cc94-7a1c-4e60-a386-637aad8cf9c5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8d6eb2b2-0de6-4a1f-8089-267e102af02c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**%RD1 ]Ɋ& !%RD1 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c5f0cc94-7a1c-4e60-a386-637aad8cf9c5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8d6eb2b2-0de6-4a1f-8089-267e102af02c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**8%RD1 ]Ɋ& !X%RD1 F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=af313402-093e-4109-8bb9-34b6fd987dd7 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**P%RD1 ]Ɋ& !X%RD1 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=af313402-093e-4109-8bb9-34b6fd987dd7 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ueP**P%RD1 ]Ɋ& !X%RD1 F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=af313402-093e-4109-8bb9-34b6fd987dd7 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P  ]Ɋ& F& XElfChnk0{$XMu=VysMc&&**H%RD1 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! )!X%RD1 F&F%g>9{p(xlMD EventDatauoData !BinaryvFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=af313402-093e-4109-8bb9-34b6fd987dd7 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**H%RD1 ]Ɋ& !X%RD1 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=af313402-093e-4109-8bb9-34b6fd987dd7 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CH**H%RD1 ]Ɋ& !X%RD1 F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=af313402-093e-4109-8bb9-34b6fd987dd7 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ScrH**%RD1 ]Ɋ& !%RD1 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=af313402-093e-4109-8bb9-34b6fd987dd7 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=24bdcc79-e324-4896-a2ce-b079d4a0269a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C**RD1 ]Ɋ& !RD1 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=af313402-093e-4109-8bb9-34b6fd987dd7 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=24bdcc79-e324-4896-a2ce-b079d4a0269a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**XRD1 ]Ɋ& !XRD1 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bdf8cfcc-ec0f-4d4b-b86e-b963fc16b41c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoX**pRD1 ]Ɋ& !XRD1 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bdf8cfcc-ec0f-4d4b-b86e-b963fc16b41c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sortp**hRD1 ]Ɋ& !XRD1 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bdf8cfcc-ec0f-4d4b-b86e-b963fc16b41c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bah**`RD1 ]Ɋ& !XRD1 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bdf8cfcc-ec0f-4d4b-b86e-b963fc16b41c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=os`**`RD1 ]Ɋ& !XRD1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bdf8cfcc-ec0f-4d4b-b86e-b963fc16b41c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eq`**`RD1 ]Ɋ& !XRD1 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bdf8cfcc-ec0f-4d4b-b86e-b963fc16b41c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**RD1 ]Ɋ& !RD1 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bdf8cfcc-ec0f-4d4b-b86e-b963fc16b41c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f0ab2544-c8a4-4aa2-9d3e-be5ebb905f91 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**RD1 ]Ɋ& !RD1 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bdf8cfcc-ec0f-4d4b-b86e-b963fc16b41c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f0ab2544-c8a4-4aa2-9d3e-be5ebb905f91 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **(VSD1 ]Ɋ& !XVSD1 F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9bd15e19-8bcc-475b-9ddb-261fda48c4ab HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a(**@VSD1 ]Ɋ& !XVSD1 F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9bd15e19-8bcc-475b-9ddb-261fda48c4ab HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=V@**@VSD1 ]Ɋ& !XVSD1 F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9bd15e19-8bcc-475b-9ddb-261fda48c4ab HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te'@**8VSD1 ]Ɋ& !XVSD1 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9bd15e19-8bcc-475b-9ddb-261fda48c4ab HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ent8**8VSD1 ]Ɋ& !XVSD1 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9bd15e19-8bcc-475b-9ddb-261fda48c4ab HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t 8**8VSD1 ]Ɋ& !XVSD1 F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9bd15e19-8bcc-475b-9ddb-261fda48c4ab HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**VSD1 ]Ɋ& !VSD1 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9bd15e19-8bcc-475b-9ddb-261fda48c4ab HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=4659f2e4-100a-4956-9cae-1845839055f3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pe**HSD1 ]Ɋ& !HSD1 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9bd15e19-8bcc-475b-9ddb-261fda48c4ab HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=4659f2e4-100a-4956-9cae-1845839055f3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ated**X UD1 ]Ɋ& !X UD1 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5c7779a9-2027-47c0-8f97-1894bf6a3dbc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p UD1 ]Ɋ& !X UD1 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5c7779a9-2027-47c0-8f97-1894bf6a3dbc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**p UD1 ]Ɋ& !X UD1 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5c7779a9-2027-47c0-8f97-1894bf6a3dbc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ultp**h UD1 ]Ɋ& !X UD1 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5c7779a9-2027-47c0-8f97-1894bf6a3dbc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dthh**h UD1 ]Ɋ& !X UD1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5c7779a9-2027-47c0-8f97-1894bf6a3dbc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**h UD1 ]Ɋ& !X UD1 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5c7779a9-2027-47c0-8f97-1894bf6a3dbc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nah** UD1 ]Ɋ&  ! UD1 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5c7779a9-2027-47c0-8f97-1894bf6a3dbc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bc6f2a46-c4a0-460b-989c-a6fa59e806bb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**QVD1 ]Ɋ& !QVD1 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5c7779a9-2027-47c0-8f97-1894bf6a3dbc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bc6f2a46-c4a0-460b-989c-a6fa59e806bb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ber=**QVD1 ]Ɋ& '!XQVD1 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=31f414d8-af80-47d2-88ed-c303cc6200d3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**QVD1 ]Ɋ& ?!XQVD1 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=31f414d8-af80-47d2-88ed-c303cc6200d3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **QVD1 ]Ɋ& ;!XQVD1 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=31f414d8-af80-47d2-88ed-c303cc6200d3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**QVD1 ]Ɋ& 3!XQVD1 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=31f414d8-af80-47d2-88ed-c303cc6200d3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ou**QVD1 ]Ɋ& 3!XQVD1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=31f414d8-af80-47d2-88ed-c303cc6200d3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cti**QVD1 ]Ɋ& 5!XQVD1 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=31f414d8-af80-47d2-88ed-c303cc6200d3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= -**0QVD1 ]Ɋ& !QVD1 F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=31f414d8-af80-47d2-88ed-c303cc6200d3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4762bb85-a0d2-4031-8a42-ff73f559af57 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te0**@9VD1 ]Ɋ& !9VD1 F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=31f414d8-af80-47d2-88ed-c303cc6200d3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4762bb85-a0d2-4031-8a42-ff73f559af57 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1-f7@**3 ]Ɋ& )!X3 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c352b7ff-1474-48e7-93ff-73bd14faf91b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oduc**3 ]Ɋ& A!X3 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c352b7ff-1474-48e7-93ff-73bd14faf91b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mIns**3 ]Ɋ& =!X3 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c352b7ff-1474-48e7-93ff-73bd14faf91b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-7**3 ]Ɋ& 5!X3 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c352b7ff-1474-48e7-93ff-73bd14faf91b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=**3 ]Ɋ& 5!X3 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c352b7ff-1474-48e7-93ff-73bd14faf91b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ov**3 ]Ɋ& 7!X3 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c352b7ff-1474-48e7-93ff-73bd14faf91b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**03 ]Ɋ& !3 F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c352b7ff-1474-48e7-93ff-73bd14faf91b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b0d80b80-c9f9-4aad-9809-0a027afe5ddd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@3 ]Ɋ& !3 F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c352b7ff-1474-48e7-93ff-73bd14faf91b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b0d80b80-c9f9-4aad-9809-0a027afe5ddd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Com@**X93 ]Ɋ& !X93 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6835ec64-f91f-4d76-b137-daee318cd5bb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=linX**p93 ]Ɋ& !X93 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6835ec64-f91f-4d76-b137-daee318cd5bb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manp**h93 ]Ɋ& !X93 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6835ec64-f91f-4d76-b137-daee318cd5bb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rh**`93 ]Ɋ& !X93 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6835ec64-f91f-4d76-b137-daee318cd5bb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& X93  F&XElfChnk 8 8,JYhMu=VysMc&&**h 93 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! G!X93  F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6835ec64-f91f-4d76-b137-daee318cd5bb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h 93 ]Ɋ& !X93  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6835ec64-f91f-4d76-b137-daee318cd5bb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h** 93 ]Ɋ&  !93  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6835ec64-f91f-4d76-b137-daee318cd5bb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=97a1784b-d5d5-4adb-b19f-e358abdd103f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FӸ** 93 ]Ɋ& !93  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6835ec64-f91f-4d76-b137-daee318cd5bb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=97a1784b-d5d5-4adb-b19f-e358abdd103f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**8 3 ]Ɋ& !X3  F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=15a5cd77-fada-4b25-88b3-dbee35512fea HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P3 ]Ɋ& !X3 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=15a5cd77-fada-4b25-88b3-dbee35512fea HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P3 ]Ɋ& !X3 F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=15a5cd77-fada-4b25-88b3-dbee35512fea HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**H3 ]Ɋ& !X3 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=15a5cd77-fada-4b25-88b3-dbee35512fea HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&H**H3 ]Ɋ& !X3 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=15a5cd77-fada-4b25-88b3-dbee35512fea HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H3 ]Ɋ& !X3 F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=15a5cd77-fada-4b25-88b3-dbee35512fea HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==H**3 ]Ɋ& !3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=15a5cd77-fada-4b25-88b3-dbee35512fea HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8367b1f2-53ef-4464-b812-49eb0be0d4ff PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**3 ]Ɋ& !3 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=15a5cd77-fada-4b25-88b3-dbee35512fea HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8367b1f2-53ef-4464-b812-49eb0be0d4ff PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Xk3 ]Ɋ& !Xk3 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=131a1e35-98ee-474a-999f-eb64c4a265e3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me= X**pk3 ]Ɋ& !Xk3 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=131a1e35-98ee-474a-999f-eb64c4a265e3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-lasp**hk3 ]Ɋ& !Xk3 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=131a1e35-98ee-474a-999f-eb64c4a265e3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[Sh**`k3 ]Ɋ& !Xk3 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=131a1e35-98ee-474a-999f-eb64c4a265e3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-U`**`k3 ]Ɋ& !Xk3 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=131a1e35-98ee-474a-999f-eb64c4a265e3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`k3 ]Ɋ& !Xk3 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=131a1e35-98ee-474a-999f-eb64c4a265e3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t`**k3 ]Ɋ& !k3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=131a1e35-98ee-474a-999f-eb64c4a265e3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9c3af823-e7fe-463d-87ff-cb4e2dd8ad0f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**k3 ]Ɋ& !k3 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=131a1e35-98ee-474a-999f-eb64c4a265e3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9c3af823-e7fe-463d-87ff-cb4e2dd8ad0f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dPa**(k3 ]Ɋ& !Xk3 F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2d4d0bad-f974-4740-9a60-77305d8c6de0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a(**@k3 ]Ɋ& !Xk3 F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2d4d0bad-f974-4740-9a60-77305d8c6de0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9@**@k3 ]Ɋ& !Xk3 F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2d4d0bad-f974-4740-9a60-77305d8c6de0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ert@**8 k3 ]Ɋ& !Xk3  F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2d4d0bad-f974-4740-9a60-77305d8c6de0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Wow8**8!k3 ]Ɋ& !Xk3! F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2d4d0bad-f974-4740-9a60-77305d8c6de0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=27-8**8"k3 ]Ɋ& !Xk3" F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2d4d0bad-f974-4740-9a60-77305d8c6de0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fu8**#k3 ]Ɋ& !k3# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2d4d0bad-f974-4740-9a60-77305d8c6de0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=17934861-6584-4017-9d4c-3e4da2c80796 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nd**$F3 ]Ɋ& !F3$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2d4d0bad-f974-4740-9a60-77305d8c6de0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=17934861-6584-4017-9d4c-3e4da2c80796 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ineV**X% 3 ]Ɋ& !X 3% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e3bdaa99-a65e-45ec-8959-817a751b32c8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p& 3 ]Ɋ& !X 3& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e3bdaa99-a65e-45ec-8959-817a751b32c8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ep**p' 3 ]Ɋ& !X 3' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e3bdaa99-a65e-45ec-8959-817a751b32c8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=, Ep**h( 3 ]Ɋ& !X 3( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e3bdaa99-a65e-45ec-8959-817a751b32c8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cenh**h) 3 ]Ɋ& !X 3) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e3bdaa99-a65e-45ec-8959-817a751b32c8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=h**h* 3 ]Ɋ& !X 3* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e3bdaa99-a65e-45ec-8959-817a751b32c8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**+ 3 ]Ɋ&  ! 3+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e3bdaa99-a65e-45ec-8959-817a751b32c8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2bbe5851-dae2-4935-ad9e-94db51912e8f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**,7 3 ]Ɋ& !7 3, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e3bdaa99-a65e-45ec-8959-817a751b32c8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2bbe5851-dae2-4935-ad9e-94db51912e8f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rsio**-7 3 ]Ɋ& '!X7 3- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c2e0dd21-9c70-4f97-9a42-e86d62621f76 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**.7 3 ]Ɋ& ?!X7 3. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c2e0dd21-9c70-4f97-9a42-e86d62621f76 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**/7 3 ]Ɋ& ;!X7 3/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c2e0dd21-9c70-4f97-9a42-e86d62621f76 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ne**07 3 ]Ɋ& 3!X7 30 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c2e0dd21-9c70-4f97-9a42-e86d62621f76 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **17 3 ]Ɋ& 3!X7 31 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c2e0dd21-9c70-4f97-9a42-e86d62621f76 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ewP**27 3 ]Ɋ& 5!X7 32 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c2e0dd21-9c70-4f97-9a42-e86d62621f76 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eI**037 3 ]Ɋ& !7 33 F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c2e0dd21-9c70-4f97-9a42-e86d62621f76 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=80d1aa5b-ccfa-4902-882b-faf670b06172 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me0**@4/ 3 ]Ɋ& !/ 34 F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c2e0dd21-9c70-4f97-9a42-e86d62621f76 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=80d1aa5b-ccfa-4902-882b-faf670b06172 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id= @**5\Fg5 ]Ɋ& )!X\Fg55 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ef41d5c5-42d9-4e11-8b85-8faac6dffcc8 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ut-S**6\Fg5 ]Ɋ& A!X\Fg56 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ef41d5c5-42d9-4e11-8b85-8faac6dffcc8 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2 -C**7\Fg5 ]Ɋ& =!X\Fg57 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ef41d5c5-42d9-4e11-8b85-8faac6dffcc8 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ca**8\Fg5 ]Ɋ& 5!X\Fg58 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ef41d5c5-42d9-4e11-8b85-8faac6dffcc8 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on.0 HostId= ]Ɋ& icX\Fg59 F&nce -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& X93  F&XElfChnk9i9ip:Mu=VysMc&&**9\Fg5 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X\Fg59 F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ef41d5c5-42d9-4e11-8b85-8faac6dffcc8 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **:\Fg5 ]Ɋ& 7!X\Fg5: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ef41d5c5-42d9-4e11-8b85-8faac6dffcc8 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **0;\Fg5 ]Ɋ& !\Fg5; F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ef41d5c5-42d9-4e11-8b85-8faac6dffcc8 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=aa730b5c-b083-478d-a9ee-2d70449b5183 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d0**@<wh5 ]Ɋ& !wh5< F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ef41d5c5-42d9-4e11-8b85-8faac6dffcc8 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=aa730b5c-b083-478d-a9ee-2d70449b5183 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ot/@**X=wh5 ]Ɋ& !Xwh5= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=91424eac-219d-4aab-88de-d400c117b7c8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=werX**p>wh5 ]Ɋ& !Xwh5> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=91424eac-219d-4aab-88de-d400c117b7c8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompp**h?wh5 ]Ɋ& !Xwh5? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=91424eac-219d-4aab-88de-d400c117b7c8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fh**`@wh5 ]Ɋ& !Xwh5@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=91424eac-219d-4aab-88de-d400c117b7c8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=E`**`Awh5 ]Ɋ& !Xwh5A F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=91424eac-219d-4aab-88de-d400c117b7c8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i`**hBwh5 ]Ɋ& !Xwh5B F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=91424eac-219d-4aab-88de-d400c117b7c8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ureLh**Cwh5 ]Ɋ&  !wh5C F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=91424eac-219d-4aab-88de-d400c117b7c8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d7b3c0cc-fc69-4f28-8818-b944d9b8e079 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=535 **Dwh5 ]Ɋ& !wh5D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=91424eac-219d-4aab-88de-d400c117b7c8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d7b3c0cc-fc69-4f28-8818-b944d9b8e079 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io**8Ewh5 ]Ɋ& !Xwh5E F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=87d0dce2-586b-4ff1-9c2f-2edde109ee30 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yp8**PFwh5 ]Ɋ& !Xwh5F F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=87d0dce2-586b-4ff1-9c2f-2edde109ee30 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNP**PGwh5 ]Ɋ& !Xwh5G F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=87d0dce2-586b-4ff1-9c2f-2edde109ee30 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=EncrP**HHwh5 ]Ɋ& !Xwh5H F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=87d0dce2-586b-4ff1-9c2f-2edde109ee30 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rosoH**HIwh5 ]Ɋ& !Xwh5I F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=87d0dce2-586b-4ff1-9c2f-2edde109ee30 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=secuH**HJwh5 ]Ɋ& !Xwh5J F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=87d0dce2-586b-4ff1-9c2f-2edde109ee30 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RoH**Ki5 ]Ɋ& !i5K F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=87d0dce2-586b-4ff1-9c2f-2edde109ee30 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cadd2f8c-d837-4e07-9eed-9585aa8c5022 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oft**Li5 ]Ɋ& !i5L F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=87d0dce2-586b-4ff1-9c2f-2edde109ee30 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cadd2f8c-d837-4e07-9eed-9585aa8c5022 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**XMi5 ]Ɋ& !Xi5M F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e211cac1-8611-4ee2-8c2a-e41eb0f2554f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l SeX**pNi5 ]Ɋ& !Xi5N F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e211cac1-8611-4ee2-8c2a-e41eb0f2554f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Conp**hOi5 ]Ɋ& !Xi5O F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e211cac1-8611-4ee2-8c2a-e41eb0f2554f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fih**`Pi5 ]Ɋ& !Xi5P F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e211cac1-8611-4ee2-8c2a-e41eb0f2554f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nd`**`Qi5 ]Ɋ& !Xi5Q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e211cac1-8611-4ee2-8c2a-e41eb0f2554f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng`**`Ri5 ]Ɋ& !Xi5R F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e211cac1-8611-4ee2-8c2a-e41eb0f2554f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b`**Si5 ]Ɋ& !i5S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e211cac1-8611-4ee2-8c2a-e41eb0f2554f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3ab93bab-e448-4349-9e77-2df0bfc97d75 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=T**Ti5 ]Ɋ& !i5T F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e211cac1-8611-4ee2-8c2a-e41eb0f2554f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3ab93bab-e448-4349-9e77-2df0bfc97d75 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Cu**(Ui5 ]Ɋ& !Xi5U F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=898d3757-81d9-4cd1-a42e-bc229a372c20 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0(**@Vi5 ]Ɋ& !Xi5V F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=898d3757-81d9-4cd1-a42e-bc229a372c20 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4@**@Wi5 ]Ɋ& !Xi5W F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=898d3757-81d9-4cd1-a42e-bc229a372c20 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&@**8Xi5 ]Ɋ& !Xi5X F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=898d3757-81d9-4cd1-a42e-bc229a372c20 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**8Yi5 ]Ɋ& !Xi5Y F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=898d3757-81d9-4cd1-a42e-bc229a372c20 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, 8**8Zi5 ]Ɋ& !Xi5Z F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=898d3757-81d9-4cd1-a42e-bc229a372c20 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ur8**[i5 ]Ɋ& !i5[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=898d3757-81d9-4cd1-a42e-bc229a372c20 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=fe6fbb2e-c0b7-41f7-b75a-463f69ab61b9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= g**\LAj5 ]Ɋ& !LAj5\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=898d3757-81d9-4cd1-a42e-bc229a372c20 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=fe6fbb2e-c0b7-41f7-b75a-463f69ab61b9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVe**X]yrk5 ]Ɋ& !Xyrk5] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=212ba091-6cec-4638-b76e-2e16f6ba9673 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**p^yrk5 ]Ɋ& !Xyrk5^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=212ba091-6cec-4638-b76e-2e16f6ba9673 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**p_yrk5 ]Ɋ& !Xyrk5_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=212ba091-6cec-4638-b76e-2e16f6ba9673 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=as p**h`yrk5 ]Ɋ& !Xyrk5` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=212ba091-6cec-4638-b76e-2e16f6ba9673 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Conh**hayrk5 ]Ɋ& !Xyrk5a F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=212ba091-6cec-4638-b76e-2e16f6ba9673 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d62h**hbyrk5 ]Ɋ& !Xyrk5b F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=212ba091-6cec-4638-b76e-2e16f6ba9673 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Ch**cyrk5 ]Ɋ&  !yrk5c F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=212ba091-6cec-4638-b76e-2e16f6ba9673 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0a6e2af8-67bd-4557-a013-974e0e578a3b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=im**d l5 ]Ɋ& ! l5d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=212ba091-6cec-4638-b76e-2e16f6ba9673 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0a6e2af8-67bd-4557-a013-974e0e578a3b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S'))**el5 ]Ɋ& '!Xl5e F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4a4a5e47-7ceb-4c12-8e4e-b278735a35ce HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**fl5 ]Ɋ& ?!Xl5f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4a4a5e47-7ceb-4c12-8e4e-b278735a35ce HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=G**gl5 ]Ɋ& ;!Xl5g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4a4a5e47-7ceb-4c12-8e4e-b278735a35ce HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **hl5 ]Ɋ& 3!Xl5h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4a4a5e47-7ceb-4c12-8e4e-b278735a35ce HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion**il5 ]Ɋ& 3!Xl5i F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4a4a5e47-7ceb-4c12-8e4e-b278735a35ce HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoandLine= ]Ɋ& Xl5j F&9 F&nce -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& X93  F&XElfChnkjjp([U-Mu=VysMc&&** jl5 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !Xl5j F&F%g>9{p(xlMD EventDatauoData !BinaryVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4a4a5e47-7ceb-4c12-8e4e-b278735a35ce HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4e1 **0kl5 ]Ɋ& !l5k F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4a4a5e47-7ceb-4c12-8e4e-b278735a35ce HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=6c141a7d-d8a5-45fb-986c-e8b4a8128a53 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@l=9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e80edf6f-3ef2-45a1-b808-729a5e8dad8f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4485217a-ba58-4adc-a62b-4a59056f756c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **I _8 ]Ɋ& '!XI _8 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=68c62556-9e9a-4092-985d-aa70ace19eed HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**I _8 ]Ɋ& ?!XI _8 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=68c62556-9e9a-4092-985d-aa70ace19eed HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**I _8 ]Ɋ& ;!XI _8 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=68c62556-9e9a-4092-985d-aa70ace19eed HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**I _8 ]Ɋ& 3!XI _8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=68c62556-9e9a-4092-985d-aa70ace19eed HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**I _8 ]Ɋ& 3!XI _8 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=68c62556-9e9a-4092-985d-aa70ace19eed HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ica**I _8 ]Ɋ& 5!XI _8 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=68c62556-9e9a-4092-985d-aa70ace19eed HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0I _8 ]Ɋ& !I _8 F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=68c62556-9e9a-4092-985d-aa70ace19eed HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4eeb6a48-5be4-4260-9b5c-bbecc3a1bd2e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ow0**@v _8 ]Ɋ& !v _8 F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=68c62556-9e9a-4092-985d-aa70ace19eed HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4eeb6a48-5be4-4260-9b5c-bbecc3a1bd2e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**@**: ]Ɋ& )!X: F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=001ec1fb-e707-44b8-87ae-5b2ca843acfe HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mman**: ]Ɋ& A!X: F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=001ec1fb-e707-44b8-87ae-5b2ca843acfe HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-wid**: ]Ɋ& =!X: F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=001ec1fb-e707-44b8-87ae-5b2ca843acfe HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iv**: ]Ɋ& 5!X: F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=001ec1fb-e707-44b8-87ae-5b2ca843acfe HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l **: ]Ɋ& 5!X: F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=001ec1fb-e707-44b8-87ae-5b2ca843acfe HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==2**: ]Ɋ& 7!X: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=001ec1fb-e707-44b8-87ae-5b2ca843acfe HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0: ]Ɋ& !: F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=001ec1fb-e707-44b8-87ae-5b2ca843acfe HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e0535cee-5bb4-4edf-b5e7-f71dd0e2121a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@: ]Ɋ& !: F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=001ec1fb-e707-44b8-87ae-5b2ca843acfe HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e0535cee-5bb4-4edf-b5e7-f71dd0e2121a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**Xi: ]Ɋ& !Xi: F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=216b4e12-7844-4f19-bfd7-9255c2888976 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pi: ]Ɋ& !Xi: F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=216b4e12-7844-4f19-bfd7-9255c2888976 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hi: ]Ɋ& !Xi: F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=216b4e12-7844-4f19-bfd7-9255c2888976 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`i: ]Ɋ& !Xi: F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=216b4e12-7844-4f19-bfd7-9255c2888976 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`i: ]Ɋ& !Xi: F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=216b4e12-7844-4f19-bfd7-9255c2888976 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S`**hi: ]Ɋ& !Xi: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=216b4e12-7844-4f19-bfd7-9255c2888976 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ineSh**i: ]Ɋ&  !i: F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=216b4e12-7844-4f19-bfd7-9255c2888976 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d4b0c743-aa7b-48e9-b754-19ffc76bedf4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ped **i: ]Ɋ& !i: F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=216b4e12-7844-4f19-bfd7-9255c2888976 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d4b0c743-aa7b-48e9-b754-19ffc76bedf4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rt**8i: ]Ɋ& !Xi: F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=195ce343-c863-45a4-ba5a-5bab8f4f4ebd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nm8**Pi: ]Ɋ& !Xi: F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=195ce343-c863-45a4-ba5a-5bab8f4f4ebd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idP**Pi: ]Ɋ& !Xi: F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=195ce343-c863-45a4-ba5a-5bab8f4f4ebd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tartP**Hi: ]Ɋ& !Xi: F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=195ce343-c863-45a4-ba5a-5bab8f4f4ebd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ReH**Hi: ]Ɋ& !Xi: F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=195ce343-c863-45a4-ba5a-5bab8f4f4ebd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH**Hi: ]Ɋ& !Xi: F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=195ce343-c863-45a4-ba5a-5bab8f4f4ebd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8H**H: ]Ɋ& !H: F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=195ce343-c863-45a4-ba5a-5bab8f4f4ebd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d551fae9-56ed-4749-a80d-03a1ceb713f8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!**H: ]Ɋ& !H: F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=195ce343-c863-45a4-ba5a-5bab8f4f4ebd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d551fae9-56ed-4749-a80d-03a1ceb713f8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**XH: ]Ɋ& !XH: F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4f2e0ce8-144d-4257-9c4a-9cc790c1e83a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommaX**pH: ]Ɋ& !XH: F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4f2e0ce8-144d-4257-9c4a-9cc790c1e83a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ect p**hH: ]Ɋ& !XH: F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4f2e0ce8-144d-4257-9c4a-9cc790c1e83a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rth**`H: ]Ɋ& !XH: F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4f2e0ce8-144d-4257-9c4a-9cc790c1e83a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on`**`H: ]Ɋ& !XH: F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4f2e0ce8-144d-4257-9c4a-9cc790c1e83a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=`**`H: ]Ɋ& !XH: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4f2e0ce8-144d-4257-9c4a-9cc790c1e83a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**H: ]Ɋ& !H: F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4f2e0ce8-144d-4257-9c4a-9cc790c1e83a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f0c12496-61d1-4f92-bc9e-8425fc19b083 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**H: ]Ɋ& !H: F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4f2e0ce8-144d-4257-9c4a-9cc790c1e83a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f0c12496-61d1-4f92-bc9e-8425fc19b083 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4 **(: ]Ɋ& !X: F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ea06ad7a-a8d8-42ce-ab3d-afb895ae5d4d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4(**@: ]Ɋ& !X: F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ea06ad7a-a8d8-42ce-ab3d-afb895ae5d4d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a@**@: ]Ɋ& !X: F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ea06ad7a-a8d8-42ce-ab3d-afb895ae5d4d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nin@**8: ]Ɋ& !X: F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ea06ad7a-a8d8-42ce-ab3d-afb895ae5d4d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion8**8: ]Ɋ& !X: F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ea06ad7a-a8d8-42ce-ab3d-afb895ae5d4d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8: ]Ɋ& !X: F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ea06ad7a-a8d8-42ce-ab3d-afb895ae5d4d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== 8**: ]Ɋ& !: F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ea06ad7a-a8d8-42ce-ab3d-afb895ae5d4d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=919d7796-26be-4a7d-b002-c676e3505bc4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ge**-y: ]Ɋ& !-y: F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ea06ad7a-a8d8-42ce-ab3d-afb895ae5d4d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=919d7796-26be-4a7d-b002-c676e3505bc4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te';**XZ: ]Ɋ& !XZ: F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4d8ac282-a6a5-4f48-981b-83f7ef95f0cd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**pZ: ]Ɋ& !XZ: F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4d8ac282-a6a5-4f48-981b-83f7ef95f0cd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=epproductState ]Ɋ& unXZ: F&andName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& X93  F&XElfChnkcMu=VysMc&&**p Z: ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! S!XZ: F&F%g>9{p(xlMD EventDatauoData !BinaryFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4d8ac282-a6a5-4f48-981b-83f7ef95f0cd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p **hZ: ]Ɋ& !XZ: F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4d8ac282-a6a5-4f48-981b-83f7ef95f0cd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hZ: ]Ɋ& !XZ: F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4d8ac282-a6a5-4f48-981b-83f7ef95f0cd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hZ: ]Ɋ& !XZ: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4d8ac282-a6a5-4f48-981b-83f7ef95f0cd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tah**Z: ]Ɋ&  !Z: F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4d8ac282-a6a5-4f48-981b-83f7ef95f0cd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0e4f8b35-5353-4cc5-98f4-b5615a7d4ca5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ac**B: ]Ɋ& !B: F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4d8ac282-a6a5-4f48-981b-83f7ef95f0cd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0e4f8b35-5353-4cc5-98f4-b5615a7d4ca5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e,De**: ]Ɋ& '!X: F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=95fae960-57fe-42c5-b294-257a2feb7bec HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**: ]Ɋ& ?!X: F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=95fae960-57fe-42c5-b294-257a2feb7bec HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**: ]Ɋ& ;!X: F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=95fae960-57fe-42c5-b294-257a2feb7bec HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=hel**: ]Ɋ& 3!X: F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=95fae960-57fe-42c5-b294-257a2feb7bec HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**: ]Ɋ& 3!X: F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=95fae960-57fe-42c5-b294-257a2feb7bec HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ll **: ]Ɋ& 5!X: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=95fae960-57fe-42c5-b294-257a2feb7bec HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0: ]Ɋ& !: F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=95fae960-57fe-42c5-b294-257a2feb7bec HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=9bcf46d2-c9d8-4ba1-97c3-67efeb4e4832 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng0**@t: ]Ɋ& !t: F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=95fae960-57fe-42c5-b294-257a2feb7bec HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=9bcf46d2-c9d8-4ba1-97c3-67efeb4e4832 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**-= ]Ɋ& )!X-= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e8c94a81-2720-4548-8218-c5efe26c76ab HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=:**-= ]Ɋ& A!X-= F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e8c94a81-2720-4548-8218-c5efe26c76ab HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **-= ]Ɋ& =!X-= F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e8c94a81-2720-4548-8218-c5efe26c76ab HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**-= ]Ɋ& 5!X-= F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e8c94a81-2720-4548-8218-c5efe26c76ab HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl**-= ]Ɋ& 5!X-= F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e8c94a81-2720-4548-8218-c5efe26c76ab HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **-= ]Ɋ& 7!X-= F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e8c94a81-2720-4548-8218-c5efe26c76ab HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1**0>= ]Ɋ& !>= F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e8c94a81-2720-4548-8218-c5efe26c76ab HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2ad258cb-d2ad-43c7-801e-08a9c06fbe96 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=40**@Z׀= ]Ɋ& !Z׀= F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e8c94a81-2720-4548-8218-c5efe26c76ab HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2ad258cb-d2ad-43c7-801e-08a9c06fbe96 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ila@**XZ׀= ]Ɋ& !XZ׀= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8e9de5f1-ab37-41f5-b777-c6511407f954 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ProX**pZ׀= ]Ɋ& !XZ׀= F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8e9de5f1-ab37-41f5-b777-c6511407f954 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt p**hZ׀= ]Ɋ& !XZ׀= F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8e9de5f1-ab37-41f5-b777-c6511407f954 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sh**`Z׀= ]Ɋ& !XZ׀= F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8e9de5f1-ab37-41f5-b777-c6511407f954 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d`**`Z׀= ]Ɋ& !XZ׀= F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8e9de5f1-ab37-41f5-b777-c6511407f954 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c`**hZ׀= ]Ɋ& !XZ׀= F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8e9de5f1-ab37-41f5-b777-c6511407f954 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hh**Z׀= ]Ɋ&  !Z׀= F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8e9de5f1-ab37-41f5-b777-c6511407f954 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=558454f8-7bda-4e2e-a099-17e30b2a1977 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e343**o= ]Ɋ& !o= F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8e9de5f1-ab37-41f5-b777-c6511407f954 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=558454f8-7bda-4e2e-a099-17e30b2a1977 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a5**8o= ]Ɋ& !Xo= F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c65fed4d-fbc2-494a-b6d2-9f97245ea47a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=si8**Po= ]Ɋ& !Xo= F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c65fed4d-fbc2-494a-b6d2-9f97245ea47a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leP**Po= ]Ɋ& !Xo= F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c65fed4d-fbc2-494a-b6d2-9f97245ea47a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HoP**Ho= ]Ɋ& !Xo= F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c65fed4d-fbc2-494a-b6d2-9f97245ea47a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eNumH**Ho= ]Ɋ& !Xo= F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c65fed4d-fbc2-494a-b6d2-9f97245ea47a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**Ho= ]Ɋ& !Xo= F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c65fed4d-fbc2-494a-b6d2-9f97245ea47a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ateH**o= ]Ɋ& !o= F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c65fed4d-fbc2-494a-b6d2-9f97245ea47a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6693212f-f54e-4927-b55d-2be3fe358d08 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ber**o= ]Ɋ& !o= F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c65fed4d-fbc2-494a-b6d2-9f97245ea47a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6693212f-f54e-4927-b55d-2be3fe358d08 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **Xo= ]Ɋ& !Xo= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ca998aea-eff6-439b-b404-e6c46afe6beb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rNamX**po= ]Ɋ& !Xo= F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ca998aea-eff6-439b-b404-e6c46afe6beb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**ho= ]Ɋ& !Xo= F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ca998aea-eff6-439b-b404-e6c46afe6beb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**`o= ]Ɋ& !Xo= F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ca998aea-eff6-439b-b404-e6c46afe6beb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=('`**`o= ]Ɋ& !Xo= F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ca998aea-eff6-439b-b404-e6c46afe6beb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ti`**`o= ]Ɋ& !Xo= F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ca998aea-eff6-439b-b404-e6c46afe6beb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f`**= ]Ɋ& != F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ca998aea-eff6-439b-b404-e6c46afe6beb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e2f72c0a-d3eb-4754-8066-bf8f3e7ee4ea PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N**= ]Ɋ& != F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ca998aea-eff6-439b-b404-e6c46afe6beb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e2f72c0a-d3eb-4754-8066-bf8f3e7ee4ea PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lab**(= ]Ɋ& !X= F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6a932a30-c7d9-4242-86e6-ed93be63fd1e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@= ]Ɋ& !X= F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6a932a30-c7d9-4242-86e6-ed93be63fd1e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@= ]Ɋ& !X= F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6a932a30-c7d9-4242-86e6-ed93be63fd1e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ace@**8= ]Ɋ& !X= F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6a932a30-c7d9-4242-86e6-ed93be63fd1e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=es[8nstalldate'] ]Ɋ& etX= F&imatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=epproductState ]Ɋ& unXZ: F&andName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& X93  F&XElfChnk22GMu=VysMc&&**8 = ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X= F&F%g>9{p(xlMD EventDatauoData !BinaryhRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6a932a30-c7d9-4242-86e6-ed93be63fd1e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8 **8= ]Ɋ& !X= F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6a932a30-c7d9-4242-86e6-ed93be63fd1e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=In8**= ]Ɋ& != F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6a932a30-c7d9-4242-86e6-ed93be63fd1e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=5e8fb40d-562b-4d17-97b3-f9cd3fd96482 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=WA**= ]Ɋ& != F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6a932a30-c7d9-4242-86e6-ed93be63fd1e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=5e8fb40d-562b-4d17-97b3-f9cd3fd96482 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=po**Xj= ]Ɋ& !Xj= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=85d7a242-57b4-43ab-9029-bdc36496fd9a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iX**pj= ]Ɋ& !Xj= F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=85d7a242-57b4-43ab-9029-bdc36496fd9a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2p**pj= ]Ɋ& !Xj= F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=85d7a242-57b4-43ab-9029-bdc36496fd9a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hp**hj= ]Ɋ& !Xj= F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=85d7a242-57b4-43ab-9029-bdc36496fd9a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hh**h j= ]Ɋ& !Xj=  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=85d7a242-57b4-43ab-9029-bdc36496fd9a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erNh**h j= ]Ɋ& !Xj=  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=85d7a242-57b4-43ab-9029-bdc36496fd9a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dBh** j= ]Ɋ&  !j=  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=85d7a242-57b4-43ab-9029-bdc36496fd9a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6e1fe676-b9e1-4834-bda0-3cdb5051a50f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on** w= ]Ɋ& !w=  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=85d7a242-57b4-43ab-9029-bdc36496fd9a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6e1fe676-b9e1-4834-bda0-3cdb5051a50f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=gine** w= ]Ɋ& '!Xw=  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0a227df4-4ca6-40d6-8da7-2a6acf94ebc1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g**w= ]Ɋ& ?!Xw= F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0a227df4-4ca6-40d6-8da7-2a6acf94ebc1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6**w= ]Ɋ& ;!Xw= F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0a227df4-4ca6-40d6-8da7-2a6acf94ebc1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**w= ]Ɋ& 3!Xw= F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0a227df4-4ca6-40d6-8da7-2a6acf94ebc1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rsh**w= ]Ɋ& 3!Xw= F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0a227df4-4ca6-40d6-8da7-2a6acf94ebc1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**w= ]Ɋ& 5!Xw= F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0a227df4-4ca6-40d6-8da7-2a6acf94ebc1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=re**0w= ]Ɋ& !w= F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0a227df4-4ca6-40d6-8da7-2a6acf94ebc1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=ddaca0b3-c4f6-4997-9b4b-ab753b8e20c6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@4= ]Ɋ& !4= F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0a227df4-4ca6-40d6-8da7-2a6acf94ebc1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=ddaca0b3-c4f6-4997-9b4b-ab753b8e20c6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t/Se@**?i? ]Ɋ& )!X?i? F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6d468e19-2f4d-4fc1-b2c8-dd5d921c1ce0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=777-**?i? ]Ɋ& A!X?i? F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6d468e19-2f4d-4fc1-b2c8-dd5d921c1ce0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=C**?i? ]Ɋ& =!X?i? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6d468e19-2f4d-4fc1-b2c8-dd5d921c1ce0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **?i? ]Ɋ& 5!X?i? F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6d468e19-2f4d-4fc1-b2c8-dd5d921c1ce0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**?i? ]Ɋ& 5!X?i? F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6d468e19-2f4d-4fc1-b2c8-dd5d921c1ce0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Z׀**?i? ]Ɋ& 7!X?i? F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6d468e19-2f4d-4fc1-b2c8-dd5d921c1ce0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=T**0?i? ]Ɋ& !?i? F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6d468e19-2f4d-4fc1-b2c8-dd5d921c1ce0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=968670ac-a89e-442f-8b7c-837877399f23 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=80**@Ai? ]Ɋ& !Ai? F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6d468e19-2f4d-4fc1-b2c8-dd5d921c1ce0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=968670ac-a89e-442f-8b7c-837877399f23 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e |@**XAi? ]Ɋ& !XAi? F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b0438ea3-116b-47c3-950d-bba6291ff666 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pdaX**pAi? ]Ɋ& !XAi? F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b0438ea3-116b-47c3-950d-bba6291ff666 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nEnp**hAi? ]Ɋ& !XAi? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b0438ea3-116b-47c3-950d-bba6291ff666 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=th**` Ai? ]Ɋ& !XAi?  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b0438ea3-116b-47c3-950d-bba6291ff666 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`!Ai? ]Ɋ& !XAi?! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b0438ea3-116b-47c3-950d-bba6291ff666 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i`**h"Ai? ]Ɋ& !XAi?" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b0438ea3-116b-47c3-950d-bba6291ff666 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ruh**#Ai? ]Ɋ&  !Ai?# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b0438ea3-116b-47c3-950d-bba6291ff666 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d33e37b0-5db1-476c-9226-df65ea52d943 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Pipe**$Ai? ]Ɋ& !Ai?$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b0438ea3-116b-47c3-950d-bba6291ff666 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d33e37b0-5db1-476c-9226-df65ea52d943 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mm**8%Ai? ]Ɋ& !XAi?% F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c4eb415d-ac74-427e-8bab-ef07807ba2f0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=el8**P&Ai? ]Ɋ& !XAi?& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c4eb415d-ac74-427e-8bab-ef07807ba2f0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=unP**P'Ai? ]Ɋ& !XAi?' F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c4eb415d-ac74-427e-8bab-ef07807ba2f0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=gineP**H(Ai? ]Ɋ& !XAi?( F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c4eb415d-ac74-427e-8bab-ef07807ba2f0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h 65H**H)Ai? ]Ɋ& !XAi?) F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c4eb415d-ac74-427e-8bab-ef07807ba2f0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=StriH**H*Ai? ]Ɋ& !XAi?* F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c4eb415d-ac74-427e-8bab-ef07807ba2f0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oluH**+CAi? ]Ɋ& !CAi?+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c4eb415d-ac74-427e-8bab-ef07807ba2f0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=80cf84c7-ee23-406a-be16-c23a8b1ccd05 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=553**,CAi? ]Ɋ& !CAi?, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c4eb415d-ac74-427e-8bab-ef07807ba2f0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=80cf84c7-ee23-406a-be16-c23a8b1ccd05 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**X-CAi? ]Ɋ& !XCAi?- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0500ce97-5a7c-4c32-9ade-c17562dc9a1b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=arseX**p.CAi? ]Ɋ& !XCAi?. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0500ce97-5a7c-4c32-9ade-c17562dc9a1b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hp**h/CAi? ]Ɋ& !XCAi?/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0500ce97-5a7c-4c32-9ade-c17562dc9a1b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eqh**`0CAi? ]Ɋ& !XCAi?0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0500ce97-5a7c-4c32-9ade-c17562dc9a1b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`1CAi? ]Ɋ& !XCAi?1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0500ce97-5a7c-4c32-9ade-c17562dc9a1b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ri`**`2CAi? ]Ɋ& !XCAi?2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0500ce97-5a7c-4c32-9ade-c17562dc9a1b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`ElfChnk3c3c`L?#Mu=VysMc&&**3CAi? ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !CAi?3 F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0500ce97-5a7c-4c32-9ade-c17562dc9a1b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d4784da5-a3eb-4344-a7d5-847bc91c9c94 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**4CAi? ]Ɋ& !CAi?4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0500ce97-5a7c-4c32-9ade-c17562dc9a1b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d4784da5-a3eb-4344-a7d5-847bc91c9c94 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 **(5ABi? ]Ɋ& !XABi?5 F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9bb77124-3dc7-41d0-b004-b1e218f78205 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@6ABi? ]Ɋ& !XABi?6 F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9bb77124-3dc7-41d0-b004-b1e218f78205 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@7ABi? ]Ɋ& !XABi?7 F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9bb77124-3dc7-41d0-b004-b1e218f78205 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= | @**88ABi? ]Ɋ& !XABi?8 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9bb77124-3dc7-41d0-b004-b1e218f78205 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Se8**89ABi? ]Ɋ& !XABi?9 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9bb77124-3dc7-41d0-b004-b1e218f78205 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erS8**8:ABi? ]Ɋ& !XABi?: F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9bb77124-3dc7-41d0-b004-b1e218f78205 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H8**;ABi? ]Ɋ& !ABi?; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9bb77124-3dc7-41d0-b004-b1e218f78205 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=aadf36df-9825-4a47-bb74-98cc574a8465 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=si**<pBi? ]Ɋ& !pBi?< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9bb77124-3dc7-41d0-b004-b1e218f78205 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=aadf36df-9825-4a47-bb74-98cc574a8465 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=obal**X=Ji? ]Ɋ& !XJi?= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7fa25eed-1d70-426e-a625-d1276fdecc91 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**p>Ji? ]Ɋ& !XJi?> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7fa25eed-1d70-426e-a625-d1276fdecc91 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.p**p?Ji? ]Ɋ& !XJi?? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7fa25eed-1d70-426e-a625-d1276fdecc91 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e.pp**h@Ji? ]Ɋ& !XJi?@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7fa25eed-1d70-426e-a625-d1276fdecc91 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n.Ch**hAJi? ]Ɋ& !XJi?A F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7fa25eed-1d70-426e-a625-d1276fdecc91 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=655h**hBJi? ]Ɋ& !XJi?B F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7fa25eed-1d70-426e-a625-d1276fdecc91 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pah**CJi? ]Ɋ&  !Ji?C F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7fa25eed-1d70-426e-a625-d1276fdecc91 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4b90818f-1a25-4749-8ce0-a76226d975a5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**D2Ki? ]Ɋ& !2Ki?D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7fa25eed-1d70-426e-a625-d1276fdecc91 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4b90818f-1a25-4749-8ce0-a76226d975a5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ider**E2Ki? ]Ɋ& '!X2Ki?E F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=151bb1b7-ae38-4473-b7b3-f79c49806c82 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**F2Ki? ]Ɋ& ?!X2Ki?F F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=151bb1b7-ae38-4473-b7b3-f79c49806c82 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**G2Ki? ]Ɋ& ;!X2Ki?G F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=151bb1b7-ae38-4473-b7b3-f79c49806c82 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**H2Ki? ]Ɋ& 3!X2Ki?H F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=151bb1b7-ae38-4473-b7b3-f79c49806c82 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ati**I2Ki? ]Ɋ& 3!X2Ki?I F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=151bb1b7-ae38-4473-b7b3-f79c49806c82 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**J2Ki? ]Ɋ& 5!X2Ki?J F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=151bb1b7-ae38-4473-b7b3-f79c49806c82 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**0K2Ki? ]Ɋ& !2Ki?K F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=151bb1b7-ae38-4473-b7b3-f79c49806c82 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=0b2bc16b-8c63-44fa-bd5b-d95a22ebcb01 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av0**@LcLi? ]Ɋ& !cLi?L F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=151bb1b7-ae38-4473-b7b3-f79c49806c82 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=0b2bc16b-8c63-44fa-bd5b-d95a22ebcb01 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stri@**MP A ]Ɋ& )!XP AM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d798fede-985a-4f54-993e-182ea3dccb81 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tanc**NP A ]Ɋ& A!XP AN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d798fede-985a-4f54-993e-182ea3dccb81 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b-47**OP A ]Ɋ& =!XP AO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d798fede-985a-4f54-993e-182ea3dccb81 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **PP A ]Ɋ& 5!XP AP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d798fede-985a-4f54-993e-182ea3dccb81 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**QP A ]Ɋ& 5!XP AQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d798fede-985a-4f54-993e-182ea3dccb81 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**RP A ]Ɋ& 7!XP AR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d798fede-985a-4f54-993e-182ea3dccb81 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0SP A ]Ɋ& !P AS F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d798fede-985a-4f54-993e-182ea3dccb81 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5b611745-41a8-4b92-a5d7-4db3b65e41e2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m0**@T}QA ]Ɋ& !}QAT F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d798fede-985a-4f54-993e-182ea3dccb81 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5b611745-41a8-4b92-a5d7-4db3b65e41e2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= P@**XU}QA ]Ɋ& !X}QAU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bdced8a9-d193-4206-8eb1-a0aeeb0b689c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.0X**pV}QA ]Ɋ& !X}QAV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bdced8a9-d193-4206-8eb1-a0aeeb0b689c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=inep**hW}QA ]Ɋ& !X}QAW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bdced8a9-d193-4206-8eb1-a0aeeb0b689c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Rh**`X}QA ]Ɋ& !X}QAX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bdced8a9-d193-4206-8eb1-a0aeeb0b689c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**`Y}QA ]Ɋ& !X}QAY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bdced8a9-d193-4206-8eb1-a0aeeb0b689c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=I`**hZ}QA ]Ɋ& !X}QAZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bdced8a9-d193-4206-8eb1-a0aeeb0b689c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nameh**[}QA ]Ɋ&  !}QA[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bdced8a9-d193-4206-8eb1-a0aeeb0b689c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e947a8df-3d27-4345-9e18-efd5149e9cea PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand**\}QA ]Ɋ& !}QA\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bdced8a9-d193-4206-8eb1-a0aeeb0b689c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e947a8df-3d27-4345-9e18-efd5149e9cea PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8]}QA ]Ɋ& !X}QA] F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5eb91c9f-e88b-4d03-8bb3-1a91a756da0e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sc8**P^}QA ]Ɋ& !X}QA^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5eb91c9f-e88b-4d03-8bb3-1a91a756da0e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SP**P_}QA ]Ɋ& !X}QA_ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5eb91c9f-e88b-4d03-8bb3-1a91a756da0e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== P**H`}QA ]Ɋ& !X}QA` F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5eb91c9f-e88b-4d03-8bb3-1a91a756da0e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eId=H**Ha}QA ]Ɋ& !X}QAa F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5eb91c9f-e88b-4d03-8bb3-1a91a756da0e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d= H**Hb}QA ]Ɋ& !X}QAb F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5eb91c9f-e88b-4d03-8bb3-1a91a756da0e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RH**c}QA ]Ɋ& !}QAc F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5eb91c9f-e88b-4d03-8bb3-1a91a756da0e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=28aa4365-3e9c-49b7-b911-88660a6b92b4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= mmandName=  ]Ɋ& CommandPath= Comm꛴AElfChnkddH5HMu=VysMc&&**d꛴A ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !꛴Ad F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5eb91c9f-e88b-4d03-8bb3-1a91a756da0e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=28aa4365-3e9c-49b7-b911-88660a6b92b4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in**Xe꛴A ]Ɋ& !X꛴Ae F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=353a4cc4-f927-4f19-8350-fed475433dc0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ComX**pf꛴A ]Ɋ& !X꛴Af F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=353a4cc4-f927-4f19-8350-fed475433dc0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allep**hg꛴A ]Ɋ& !X꛴Ag F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=353a4cc4-f927-4f19-8350-fed475433dc0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='ih**`h꛴A ]Ɋ& !X꛴Ah F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=353a4cc4-f927-4f19-8350-fed475433dc0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ow`**`i꛴A ]Ɋ& !X꛴Ai F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=353a4cc4-f927-4f19-8350-fed475433dc0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`j꛴A ]Ɋ& !X꛴Aj F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=353a4cc4-f927-4f19-8350-fed475433dc0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**k꛴A ]Ɋ& !꛴Ak F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=353a4cc4-f927-4f19-8350-fed475433dc0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3d76b435-b655-4552-8850-fd78c122bf3f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=B**l꛴A ]Ɋ& !꛴Al F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=353a4cc4-f927-4f19-8350-fed475433dc0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3d76b435-b655-4552-8850-fd78c122bf3f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **(m꛴A ]Ɋ& !X꛴Am F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=05ff3a91-dffa-4bea-95da-e21bc8b2222c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4(**@n꛴A ]Ɋ& !X꛴An F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=05ff3a91-dffa-4bea-95da-e21bc8b2222c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n@**@o꛴A ]Ɋ& !X꛴Ao F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=05ff3a91-dffa-4bea-95da-e21bc8b2222c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e]:@**8p꛴A ]Ɋ& !X꛴Ap F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=05ff3a91-dffa-4bea-95da-e21bc8b2222c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tal8**8q꛴A ]Ɋ& !X꛴Aq F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=05ff3a91-dffa-4bea-95da-e21bc8b2222c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.08**8r꛴A ]Ɋ& !X꛴Ar F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=05ff3a91-dffa-4bea-95da-e21bc8b2222c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**s꛴A ]Ɋ& !꛴As F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=05ff3a91-dffa-4bea-95da-e21bc8b2222c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=5093cb0d-1c31-4a63-9906-65f0f84ec392 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **tA ]Ɋ& !At F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=05ff3a91-dffa-4bea-95da-e21bc8b2222c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=5093cb0d-1c31-4a63-9906-65f0f84ec392 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=trin**Xu垴A ]Ɋ& !X垴Au F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b1b74a4d-c36c-4fee-a01a-36528b29e92f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pv垴A ]Ɋ& !X垴Av F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b1b74a4d-c36c-4fee-a01a-36528b29e92f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**pw垴A ]Ɋ& !X垴Aw F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b1b74a4d-c36c-4fee-a01a-36528b29e92f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Culp**hx垴A ]Ɋ& !X垴Ax F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b1b74a4d-c36c-4fee-a01a-36528b29e92f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Obh**hy垴A ]Ɋ& !X垴Ay F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b1b74a4d-c36c-4fee-a01a-36528b29e92f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Pih**hz垴A ]Ɋ& !X垴Az F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b1b74a4d-c36c-4fee-a01a-36528b29e92f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ath**{垴A ]Ɋ&  !垴A{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b1b74a4d-c36c-4fee-a01a-36528b29e92f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8b02f47a-c61b-4b51-9bd5-22bd6508a6f2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**|}A ]Ɋ& !}A| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b1b74a4d-c36c-4fee-a01a-36528b29e92f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8b02f47a-c61b-4b51-9bd5-22bd6508a6f2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ame=**}}A ]Ɋ& '!X}A} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=05223f30-9f6a-4783-b35b-8521b273c18c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **~}A ]Ɋ& ?!X}A~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=05223f30-9f6a-4783-b35b-8521b273c18c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**}A ]Ɋ& ;!X}A F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=05223f30-9f6a-4783-b35b-8521b273c18c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed**}A ]Ɋ& 3!X}A F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=05223f30-9f6a-4783-b35b-8521b273c18c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=th **}A ]Ɋ& 3!X}A F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=05223f30-9f6a-4783-b35b-8521b273c18c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rov**}A ]Ɋ& 5!X}A F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=05223f30-9f6a-4783-b35b-8521b273c18c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=En**0}A ]Ɋ& !}A F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=05223f30-9f6a-4783-b35b-8521b273c18c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a0fa41e2-98aa-48c3-8958-2db4eadd667c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=en0**@ȮA ]Ɋ& !ȮA F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=05223f30-9f6a-4783-b35b-8521b273c18c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a0fa41e2-98aa-48c3-8958-2db4eadd667c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-4db@**I D ]Ɋ& )!XI D F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=02e92e01-cbc4-4632-a2e8-169c9de87193 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayNa**I D ]Ɋ& A!XI D F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=02e92e01-cbc4-4632-a2e8-169c9de87193 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pace**I D ]Ɋ& =!XI D F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=02e92e01-cbc4-4632-a2e8-169c9de87193 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a0**I D ]Ɋ& 5!XI D F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=02e92e01-cbc4-4632-a2e8-169c9de87193 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C**I D ]Ɋ& 5!XI D F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=02e92e01-cbc4-4632-a2e8-169c9de87193 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr**I D ]Ɋ& 7!XI D F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=02e92e01-cbc4-4632-a2e8-169c9de87193 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=}**0I D ]Ɋ& !I D F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=02e92e01-cbc4-4632-a2e8-169c9de87193 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3c3ec02f-9ab6-420d-ac7f-cf42026ce5ef PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@z D ]Ɋ& !z D F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=02e92e01-cbc4-4632-a2e8-169c9de87193 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3c3ec02f-9ab6-420d-ac7f-cf42026ce5ef PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm@**Xz D ]Ɋ& !Xz D F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=34030742-6f11-4cad-9e2c-8c9d53afdd12 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNaX**pz D ]Ɋ& !Xz D F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=34030742-6f11-4cad-9e2c-8c9d53afdd12 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNp**hz D ]Ɋ& !Xz D F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=34030742-6f11-4cad-9e2c-8c9d53afdd12 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**`z D ]Ɋ& !Xz D F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=34030742-6f11-4cad-9e2c-8c9d53afdd12 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`z D ]Ɋ& !Xz D F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=34030742-6f11-4cad-9e2c-8c9d53afdd12 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**hz D ]Ɋ& !Xz D F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=34030742-6f11-4cad-9e2c-8c9d53afdd12 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bh**z D ]Ɋ&  !z D F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=34030742-6f11-4cad-9e2c-8c9d53afdd12 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a3a208d8-1efd-4914-b55e-90946f809732 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!}QA ]Ɋ& atr D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=34030742-6f11-4cad-9e2c-8c9d53afdd12 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a3a208d8-1efd-4914-b55e-90946f809732 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnk@qR5SMu=VysMc&&**r D ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !r D F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=34030742-6f11-4cad-9e2c-8c9d53afdd12 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a3a208d8-1efd-4914-b55e-90946f809732 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8r D ]Ɋ& !Xr D F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=aad4947a-e332-473c-8e54-fdc9e803966c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=om8**Pr D ]Ɋ& !Xr D F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=aad4947a-e332-473c-8e54-fdc9e803966c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmP**Pr D ]Ɋ& !Xr D F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=aad4947a-e332-473c-8e54-fdc9e803966c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommaP**Hr D ]Ɋ& !Xr D F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=aad4947a-e332-473c-8e54-fdc9e803966c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iptNH**Hr D ]Ɋ& !Xr D F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=aad4947a-e332-473c-8e54-fdc9e803966c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dTypH**Hr D ]Ɋ& !Xr D F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=aad4947a-e332-473c-8e54-fdc9e803966c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=H**r D ]Ɋ& !r D F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=aad4947a-e332-473c-8e54-fdc9e803966c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5844a374-13b8-4277-ab20-0401ab11cc44 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **r D ]Ɋ& !r D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=aad4947a-e332-473c-8e54-fdc9e803966c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5844a374-13b8-4277-ab20-0401ab11cc44 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **X D ]Ɋ& !X D F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d0300258-9cf6-40fd-be41-0298a478bea4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tCulX**p D ]Ɋ& !X D F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d0300258-9cf6-40fd-be41-0298a478bea4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=={ [p**h D ]Ɋ& !X D F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d0300258-9cf6-40fd-be41-0298a478bea4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5dh**` D ]Ɋ& !X D F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d0300258-9cf6-40fd-be41-0298a478bea4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rS`**` D ]Ɋ& !X D F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d0300258-9cf6-40fd-be41-0298a478bea4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**` D ]Ɋ& !X D F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d0300258-9cf6-40fd-be41-0298a478bea4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `** D ]Ɋ& ! D F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d0300258-9cf6-40fd-be41-0298a478bea4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=85013bba-f96c-43fc-948d-ac14d37e5e26 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-** D ]Ɋ& ! D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d0300258-9cf6-40fd-be41-0298a478bea4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=85013bba-f96c-43fc-948d-ac14d37e5e26 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ure**( D ]Ɋ& !X D F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=14b676a4-3553-4998-8aed-5095654ef508 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v(**@ D ]Ɋ& !X D F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=14b676a4-3553-4998-8aed-5095654ef508 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=K@**@ D ]Ɋ& !X D F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=14b676a4-3553-4998-8aed-5095654ef508 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id=@**8 D ]Ɋ& !X D F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=14b676a4-3553-4998-8aed-5095654ef508 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F8**8 D ]Ɋ& !X D F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=14b676a4-3553-4998-8aed-5095654ef508 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam8**8 D ]Ɋ& !X D F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=14b676a4-3553-4998-8aed-5095654ef508 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Gl8** D ]Ɋ& ! D F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=14b676a4-3553-4998-8aed-5095654ef508 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=19873713-6d07-47c0-97b6-7e246819b25e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**D D ]Ɋ& !D D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=14b676a4-3553-4998-8aed-5095654ef508 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=19873713-6d07-47c0-97b6-7e246819b25e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tall**XD ]Ɋ& !XD F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6dd941ab-20bc-4313-aa15-d7a677b15cee HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\X**pD ]Ɋ& !XD F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6dd941ab-20bc-4313-aa15-d7a677b15cee HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\p**pD ]Ɋ& !XD F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6dd941ab-20bc-4313-aa15-d7a677b15cee HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=help**hD ]Ɋ& !XD F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6dd941ab-20bc-4313-aa15-d7a677b15cee HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ct h**hD ]Ɋ& !XD F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6dd941ab-20bc-4313-aa15-d7a677b15cee HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n';h**hD ]Ɋ& !XD F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6dd941ab-20bc-4313-aa15-d7a677b15cee HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=([h**D ]Ɋ&  !D F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6dd941ab-20bc-4313-aa15-d7a677b15cee HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3f23a7de-0f37-40e2-9123-f13f87a766bb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ta**?D ]Ɋ& !?D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6dd941ab-20bc-4313-aa15-d7a677b15cee HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3f23a7de-0f37-40e2-9123-f13f87a766bb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omma**?D ]Ɋ& '!X?D F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a789c527-7ed6-47e5-8ffe-22656dc4878f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=C**?D ]Ɋ& ?!X?D F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a789c527-7ed6-47e5-8ffe-22656dc4878f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**?D ]Ɋ& ;!X?D F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a789c527-7ed6-47e5-8ffe-22656dc4878f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt **?D ]Ɋ& 3!X?D F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a789c527-7ed6-47e5-8ffe-22656dc4878f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=**?D ]Ɋ& 3!X?D F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a789c527-7ed6-47e5-8ffe-22656dc4878f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ovi**?D ]Ɋ& 5!X?D F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a789c527-7ed6-47e5-8ffe-22656dc4878f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **0?D ]Ɋ& !?D F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a789c527-7ed6-47e5-8ffe-22656dc4878f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a53b48f6-a144-487d-8629-5d96a71ddccc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av0**@&D ]Ɋ& !&D F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a789c527-7ed6-47e5-8ffe-22656dc4878f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a53b48f6-a144-487d-8629-5d96a71ddccc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g -w@**{F ]Ɋ& )!X{F F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c4509f8d-12d3-4b9d-b3c7-827b64450906 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nter**{F ]Ɋ& A!X{F F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c4509f8d-12d3-4b9d-b3c7-827b64450906 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lica**{F ]Ɋ& =!X{F F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c4509f8d-12d3-4b9d-b3c7-827b64450906 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**{F ]Ɋ& 5!X{F F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c4509f8d-12d3-4b9d-b3c7-827b64450906 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed**{F ]Ɋ& 5!X{F F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c4509f8d-12d3-4b9d-b3c7-827b64450906 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Va**{F ]Ɋ& 7!X{F F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c4509f8d-12d3-4b9d-b3c7-827b64450906 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0{F ]Ɋ& !{F F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c4509f8d-12d3-4b9d-b3c7-827b64450906 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c9ec9173-bf46-434f-8b9d-4b291f73c406 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@%{F ]Ɋ& !%{F F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c4509f8d-12d3-4b9d-b3c7-827b64450906 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c9ec9173-bf46-434f-8b9d-4b291f73c406 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=46f@9732 Pipel ]Ɋ& meX%{F F&e=ElfChnkHŜ'ܟMu=VysMc&&**X%{F ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! ;!X%{F F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=20524719-ee78-4e00-8912-a771c29a3224 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p%{F ]Ɋ& !X%{F F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=20524719-ee78-4e00-8912-a771c29a3224 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmap**h%{F ]Ɋ& !X%{F F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=20524719-ee78-4e00-8912-a771c29a3224 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oh**`%{F ]Ɋ& !X%{F F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=20524719-ee78-4e00-8912-a771c29a3224 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**`%{F ]Ɋ& !X%{F F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=20524719-ee78-4e00-8912-a771c29a3224 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h%{F ]Ɋ& !X%{F F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=20524719-ee78-4e00-8912-a771c29a3224 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&h**%{F ]Ɋ&  !%{F F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=20524719-ee78-4e00-8912-a771c29a3224 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b38834cb-c1a0-423f-aa7f-c3a676a46722 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= D**%{F ]Ɋ& !%{F F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=20524719-ee78-4e00-8912-a771c29a3224 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b38834cb-c1a0-423f-aa7f-c3a676a46722 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8M{F ]Ɋ& !XM{F F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ef7e081d-594b-4d11-8001-ab17e17f890a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**PM{F ]Ɋ& !XM{F F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ef7e081d-594b-4d11-8001-ab17e17f890a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**PM{F ]Ɋ& !XM{F F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ef7e081d-594b-4d11-8001-ab17e17f890a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**HM{F ]Ɋ& !XM{F F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ef7e081d-594b-4d11-8001-ab17e17f890a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HM{F ]Ɋ& !XM{F F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ef7e081d-594b-4d11-8001-ab17e17f890a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=H**HM{F ]Ɋ& !XM{F F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ef7e081d-594b-4d11-8001-ab17e17f890a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoH**M{F ]Ɋ& !M{F F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ef7e081d-594b-4d11-8001-ab17e17f890a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a06cc17e-9cef-46b6-98e2-4b8e920aa6c7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **M{F ]Ɋ& !M{F F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ef7e081d-594b-4d11-8001-ab17e17f890a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a06cc17e-9cef-46b6-98e2-4b8e920aa6c7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**XM{F ]Ɋ& !XM{F F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d910c561-6dda-4705-be69-ad05d2545902 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**pM{F ]Ɋ& !XM{F F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d910c561-6dda-4705-be69-ad05d2545902 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lectp**hM{F ]Ɋ& !XM{F F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d910c561-6dda-4705-be69-ad05d2545902 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=']h**`M{F ]Ɋ& !XM{F F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d910c561-6dda-4705-be69-ad05d2545902 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-`**`M{F ]Ɋ& !XM{F F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d910c561-6dda-4705-be69-ad05d2545902 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C`**`M{F ]Ɋ& !XM{F F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d910c561-6dda-4705-be69-ad05d2545902 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**M{F ]Ɋ& !M{F F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d910c561-6dda-4705-be69-ad05d2545902 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b2636677-7d40-4310-ab75-2696791269cb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**M{F ]Ɋ& !M{F F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d910c561-6dda-4705-be69-ad05d2545902 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b2636677-7d40-4310-ab75-2696791269cb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=**(V{F ]Ɋ& !XV{F F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9a9f8b1f-b32f-4875-a53e-d5489b4a0e0a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n(**@V{F ]Ɋ& !XV{F F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9a9f8b1f-b32f-4875-a53e-d5489b4a0e0a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7@**@V{F ]Ɋ& !XV{F F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9a9f8b1f-b32f-4875-a53e-d5489b4a0e0a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.ps@**8V{F ]Ɋ& !XV{F F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9a9f8b1f-b32f-4875-a53e-d5489b4a0e0a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=M:\8**8V{F ]Ɋ& !XV{F F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9a9f8b1f-b32f-4875-a53e-d5489b4a0e0a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==6d8**8V{F ]Ɋ& !XV{F F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9a9f8b1f-b32f-4875-a53e-d5489b4a0e0a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=F8**V{F ]Ɋ& !V{F F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9a9f8b1f-b32f-4875-a53e-d5489b4a0e0a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=4f1fc30e-f6da-4f1a-aed2-8bcf994adf31 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=at**z{F ]Ɋ& !z{F F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9a9f8b1f-b32f-4875-a53e-d5489b4a0e0a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=4f1fc30e-f6da-4f1a-aed2-8bcf994adf31 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 655**X {F ]Ɋ& !X {F F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9aa2d565-e3f3-4ef2-bb8f-a1ac09c8ce40 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-X**p {F ]Ɋ& !X {F F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9aa2d565-e3f3-4ef2-bb8f-a1ac09c8ce40 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dp**p {F ]Ɋ& !X {F F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9aa2d565-e3f3-4ef2-bb8f-a1ac09c8ce40 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='enp**h {F ]Ɋ& !X {F F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9aa2d565-e3f3-4ef2-bb8f-a1ac09c8ce40 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allh**h {F ]Ɋ& !X {F F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9aa2d565-e3f3-4ef2-bb8f-a1ac09c8ce40 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**h {F ]Ɋ& !X {F F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9aa2d565-e3f3-4ef2-bb8f-a1ac09c8ce40 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndh** {F ]Ɋ&  ! {F F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9aa2d565-e3f3-4ef2-bb8f-a1ac09c8ce40 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=dea015a2-407d-4058-9168-10a76a32459c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**>{F ]Ɋ& !>{F F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9aa2d565-e3f3-4ef2-bb8f-a1ac09c8ce40 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=dea015a2-407d-4058-9168-10a76a32459c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ost **Q{F ]Ɋ& '!XQ{F F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=60fd6ee2-d5af-4c2d-aac4-f756c7b0a844 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**Q{F ]Ɋ& ?!XQ{F F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=60fd6ee2-d5af-4c2d-aac4-f756c7b0a844 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**Q{F ]Ɋ& ;!XQ{F F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=60fd6ee2-d5af-4c2d-aac4-f756c7b0a844 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam**Q{F ]Ɋ& 3!XQ{F F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=60fd6ee2-d5af-4c2d-aac4-f756c7b0a844 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ngi**Q{F ]Ɋ& 3!XQ{F F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=60fd6ee2-d5af-4c2d-aac4-f756c7b0a844 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fun**Q{F ]Ɋ& 5!XQ{F F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=60fd6ee2-d5af-4c2d-aac4-f756c7b0a844 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=**0Q{F ]Ɋ& !Q{F F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=60fd6ee2-d5af-4c2d-aac4-f756c7b0a844 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=8f144c03-2861-42a3-b009-aa53888ee9bc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3 0**@k{F ]Ɋ& !k{F F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=60fd6ee2-d5af-4c2d-aac4-f756c7b0a844 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=8f144c03-2861-42a3-b009-aa53888ee9bc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6 @pelineId=  ]Ɋ& maX XH F&9732 Pipel ]Ɋ& meX%{F F&e=ElfChnk&&hP%%P!Mu=VysMc&&** XH ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X XH F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fe59f990-f840-43d5-8cff-c2d0b6e46fff HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e** XH ]Ɋ& A!X XH F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fe59f990-f840-43d5-8cff-c2d0b6e46fff HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 655** XH ]Ɋ& =!X XH F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fe59f990-f840-43d5-8cff-c2d0b6e46fff HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iv** XH ]Ɋ& 5!X XH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fe59f990-f840-43d5-8cff-c2d0b6e46fff HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l ** XH ]Ɋ& 5!X XH F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fe59f990-f840-43d5-8cff-c2d0b6e46fff HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=20** XH ]Ɋ& 7!X XH F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fe59f990-f840-43d5-8cff-c2d0b6e46fff HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c**0 XH ]Ɋ& ! XH F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fe59f990-f840-43d5-8cff-c2d0b6e46fff HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=332cf262-1847-4588-a6c1-5a8e39622158 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u0**@MYH ]Ɋ& !MYH F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fe59f990-f840-43d5-8cff-c2d0b6e46fff HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=332cf262-1847-4588-a6c1-5a8e39622158 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F@**XMYH ]Ɋ& !XMYH F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e8ea23fb-b40d-4e36-9040-97b11a5b3960 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pMYH ]Ɋ& !XMYH F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e8ea23fb-b40d-4e36-9040-97b11a5b3960 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!p**hMYH ]Ɋ& !XMYH F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e8ea23fb-b40d-4e36-9040-97b11a5b3960 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`MYH ]Ɋ& !XMYH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e8ea23fb-b40d-4e36-9040-97b11a5b3960 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`MYH ]Ɋ& !XMYH F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e8ea23fb-b40d-4e36-9040-97b11a5b3960 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hMYH ]Ɋ& !XMYH F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e8ea23fb-b40d-4e36-9040-97b11a5b3960 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tarth**MYH ]Ɋ&  !MYH F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e8ea23fb-b40d-4e36-9040-97b11a5b3960 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=50ef2f41-5e19-4524-a661-d7a1566c5184 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **MYH ]Ɋ& !MYH F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e8ea23fb-b40d-4e36-9040-97b11a5b3960 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=50ef2f41-5e19-4524-a661-d7a1566c5184 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mb**8ZH ]Ɋ& !XZH F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5b574be6-9b18-497a-aac3-0d7a4e872a70 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ne8**PZH ]Ɋ& !XZH F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5b574be6-9b18-497a-aac3-0d7a4e872a70 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=P**PZH ]Ɋ& !XZH F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5b574be6-9b18-497a-aac3-0d7a4e872a70 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rtedP**HZH ]Ɋ& !XZH F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5b574be6-9b18-497a-aac3-0d7a4e872a70 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=FuH**H ZH ]Ɋ& !XZH  F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5b574be6-9b18-497a-aac3-0d7a4e872a70 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH**H ZH ]Ɋ& !XZH  F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5b574be6-9b18-497a-aac3-0d7a4e872a70 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=FH** ZH ]Ɋ& !ZH  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5b574be6-9b18-497a-aac3-0d7a4e872a70 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=be8b7e29-9f3c-459b-b6d4-4fb70037461d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ila** ZH ]Ɋ& !ZH  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5b574be6-9b18-497a-aac3-0d7a4e872a70 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=be8b7e29-9f3c-459b-b6d4-4fb70037461d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X ZH ]Ɋ& !XZH  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ca9143b8-7a6e-4a52-a198-b348f729f6db HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pZH ]Ɋ& !XZH F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ca9143b8-7a6e-4a52-a198-b348f729f6db HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pe= p**hZH ]Ɋ& !XZH F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ca9143b8-7a6e-4a52-a198-b348f729f6db HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sth**`ZH ]Ɋ& !XZH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ca9143b8-7a6e-4a52-a198-b348f729f6db HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rt`**`ZH ]Ɋ& !XZH F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ca9143b8-7a6e-4a52-a198-b348f729f6db HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on`**`ZH ]Ɋ& !XZH F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ca9143b8-7a6e-4a52-a198-b348f729f6db HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**ZH ]Ɋ& !ZH F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ca9143b8-7a6e-4a52-a198-b348f729f6db HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9ce6656a-05c0-4760-94ac-606c81328d5c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **z[H ]Ɋ& !z[H F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ca9143b8-7a6e-4a52-a198-b348f729f6db HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9ce6656a-05c0-4760-94ac-606c81328d5c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(z[H ]Ɋ& !Xz[H F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b6bcb07e-01f6-4861-834e-b7b9f38f9615 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@z[H ]Ɋ& !Xz[H F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b6bcb07e-01f6-4861-834e-b7b9f38f9615 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@z[H ]Ɋ& !Xz[H F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b6bcb07e-01f6-4861-834e-b7b9f38f9615 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o('@**8z[H ]Ɋ& !Xz[H F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b6bcb07e-01f6-4861-834e-b7b9f38f9615 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayV8**8z[H ]Ɋ& !Xz[H F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b6bcb07e-01f6-4861-834e-b7b9f38f9615 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=M:\8**8z[H ]Ɋ& !Xz[H F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b6bcb07e-01f6-4861-834e-b7b9f38f9615 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um8**z[H ]Ɋ& !z[H F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b6bcb07e-01f6-4861-834e-b7b9f38f9615 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=7f6ef73f-15ff-40ff-b352-a2877465fcb1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**[H ]Ɋ& ![H F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b6bcb07e-01f6-4861-834e-b7b9f38f9615 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=7f6ef73f-15ff-40ff-b352-a2877465fcb1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me= **XԀ]H ]Ɋ& !XԀ]H F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d033ef14-eccb-4a3a-abd9-4d0c45dd22d6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rX**pԀ]H ]Ɋ& !XԀ]H F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d033ef14-eccb-4a3a-abd9-4d0c45dd22d6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==p**pԀ]H ]Ɋ& !XԀ]H F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d033ef14-eccb-4a3a-abd9-4d0c45dd22d6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5a2p**h Ԁ]H ]Ɋ& !XԀ]H  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d033ef14-eccb-4a3a-abd9-4d0c45dd22d6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= h**h!Ԁ]H ]Ɋ& !XԀ]H! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d033ef14-eccb-4a3a-abd9-4d0c45dd22d6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h"Ԁ]H ]Ɋ& !XԀ]H" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d033ef14-eccb-4a3a-abd9-4d0c45dd22d6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**#Ԁ]H ]Ɋ&  !Ԁ]H# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d033ef14-eccb-4a3a-abd9-4d0c45dd22d6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e040c62c-b75a-4bbb-9c7a-c44a1264862f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **$k^H ]Ɋ& !k^H$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d033ef14-eccb-4a3a-abd9-4d0c45dd22d6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e040c62c-b75a-4bbb-9c7a-c44a1264862f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=hell**%k^H ]Ɋ& '!Xk^H% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4c278c81-29ef-4b4e-8804-90a37a06d9c4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**&k^H ]Ɋ& ?!Xk^H& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4c278c81-29ef-4b4e-8804-90a37a06d9c4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-2d-aac4-f756 ]Ɋ& reXk^H' F&ame . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=8f144c03-2861-42a3-b009-aa53888ee9bc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6 @pelineId=  ]Ɋ& maX XH F&9732 Pipel ]Ɋ& meX%{F F&e=ElfChnk'Y'Y@jKM~Mu=VysMc&&** 'k^H ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !Xk^H' F&F%g>9{p(xlMD EventDatauoData !BinaryFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4c278c81-29ef-4b4e-8804-90a37a06d9c4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **(k^H ]Ɋ& 3!Xk^H( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4c278c81-29ef-4b4e-8804-90a37a06d9c4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**)k^H ]Ɋ& 3!Xk^H) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4c278c81-29ef-4b4e-8804-90a37a06d9c4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0b6***k^H ]Ɋ& 5!Xk^H* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4c278c81-29ef-4b4e-8804-90a37a06d9c4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0+k^H ]Ɋ& !k^H+ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4c278c81-29ef-4b4e-8804-90a37a06d9c4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=c357b363-1973-46e5-91b9-70e3ce1ecd01 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@,J_H ]Ɋ& !J_H, F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4c278c81-29ef-4b4e-8804-90a37a06d9c4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=c357b363-1973-46e5-91b9-70e3ce1ecd01 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Com@**-iJ ]Ɋ& )!XiJ- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0df4376c-2a56-4d8b-b2f6-22752ef23423 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **.iJ ]Ɋ& A!XiJ. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0df4376c-2a56-4d8b-b2f6-22752ef23423 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tSta**/iJ ]Ɋ& =!XiJ/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0df4376c-2a56-4d8b-b2f6-22752ef23423 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt**0iJ ]Ɋ& 5!XiJ0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0df4376c-2a56-4d8b-b2f6-22752ef23423 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**1iJ ]Ɋ& 5!XiJ1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0df4376c-2a56-4d8b-b2f6-22752ef23423 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ve**2iJ ]Ɋ& 7!XiJ2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0df4376c-2a56-4d8b-b2f6-22752ef23423 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g**03iJ ]Ɋ& !iJ3 F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0df4376c-2a56-4d8b-b2f6-22752ef23423 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1d8c2b23-64b9-4485-83f1-f3a183032f2b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@4ymiJ ]Ɋ& !ymiJ4 F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0df4376c-2a56-4d8b-b2f6-22752ef23423 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1d8c2b23-64b9-4485-83f1-f3a183032f2b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&@**X5iJ ]Ɋ& !XiJ5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b78a9f8d-ae80-41ca-badb-0be1ca5981c6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p6iJ ]Ɋ& !XiJ6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b78a9f8d-ae80-41ca-badb-0be1ca5981c6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h7iJ ]Ɋ& !XiJ7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b78a9f8d-ae80-41ca-badb-0be1ca5981c6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`8iJ ]Ɋ& !XiJ8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b78a9f8d-ae80-41ca-badb-0be1ca5981c6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`9iJ ]Ɋ& !XiJ9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b78a9f8d-ae80-41ca-badb-0be1ca5981c6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h:iJ ]Ɋ& !XiJ: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b78a9f8d-ae80-41ca-badb-0be1ca5981c6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ailah**;iJ ]Ɋ&  !iJ; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b78a9f8d-ae80-41ca-badb-0be1ca5981c6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bd23c541-c33d-4eb7-a719-c4d3be67b655 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= New**<iJ ]Ɋ& !iJ< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b78a9f8d-ae80-41ca-badb-0be1ca5981c6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bd23c541-c33d-4eb7-a719-c4d3be67b655 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ne**8=iJ ]Ɋ& !XiJ= F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b64e91b7-c5b5-462b-b4ad-216a6a7c2272 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= P8**P>iJ ]Ɋ& !XiJ> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b64e91b7-c5b5-462b-b4ad-216a6a7c2272 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=SyP**P?iJ ]Ɋ& !XiJ? F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b64e91b7-c5b5-462b-b4ad-216a6a7c2272 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&P**H@iJ ]Ɋ& !XiJ@ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b64e91b7-c5b5-462b-b4ad-216a6a7c2272 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HAiJ ]Ɋ& !XiJA F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b64e91b7-c5b5-462b-b4ad-216a6a7c2272 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=XH**HBiJ ]Ɋ& !XiJB F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b64e91b7-c5b5-462b-b4ad-216a6a7c2272 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**CiJ ]Ɋ& !iJC F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b64e91b7-c5b5-462b-b4ad-216a6a7c2272 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=882a7bb1-a830-4535-b22b-f7bd8fac384b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**DiJ ]Ɋ& !iJD F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b64e91b7-c5b5-462b-b4ad-216a6a7c2272 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=882a7bb1-a830-4535-b22b-f7bd8fac384b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**XEiJ ]Ɋ& !XiJE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2e5714b6-b7f5-4c75-9add-52a36089c34e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**pFiJ ]Ɋ& !XiJF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2e5714b6-b7f5-4c75-9add-52a36089c34e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-US'p**hGiJ ]Ɋ& !XiJG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2e5714b6-b7f5-4c75-9add-52a36089c34e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=arh**`HiJ ]Ɋ& !XiJH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2e5714b6-b7f5-4c75-9add-52a36089c34e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=96`**`IiJ ]Ɋ& !XiJI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2e5714b6-b7f5-4c75-9add-52a36089c34e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed`**`JiJ ]Ɋ& !XiJJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2e5714b6-b7f5-4c75-9add-52a36089c34e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**KiJ ]Ɋ& !iJK F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2e5714b6-b7f5-4c75-9add-52a36089c34e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=09344602-d876-48e6-9f1a-6395a30219eb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**LiJ ]Ɋ& !iJL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2e5714b6-b7f5-4c75-9add-52a36089c34e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=09344602-d876-48e6-9f1a-6395a30219eb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0ff**(MiJ ]Ɋ& !XiJM F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=51220621-f4cd-4513-9d27-d03b6cd6aaa7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@NiJ ]Ɋ& !XiJN F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=51220621-f4cd-4513-9d27-d03b6cd6aaa7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='@**@OiJ ]Ɋ& !XiJO F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=51220621-f4cd-4513-9d27-d03b6cd6aaa7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ows@**8PiJ ]Ɋ& !XiJP F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=51220621-f4cd-4513-9d27-d03b6cd6aaa7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nso8**8QiJ ]Ɋ& !XiJQ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=51220621-f4cd-4513-9d27-d03b6cd6aaa7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8RiJ ]Ɋ& !XiJR F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=51220621-f4cd-4513-9d27-d03b6cd6aaa7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pa8**SiJ ]Ɋ& !iJS F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=51220621-f4cd-4513-9d27-d03b6cd6aaa7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=3e4d2456-45c0-4f57-9c95-c20c4b1a31f2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=at**TiJ ]Ɋ& !iJT F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=51220621-f4cd-4513-9d27-d03b6cd6aaa7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=3e4d2456-45c0-4f57-9c95-c20c4b1a31f2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sher**XUiJ ]Ɋ& !XiJU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=91d2655d-6772-425f-a436-3482c06d0669 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pViJ ]Ɋ& !XiJV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=91d2655d-6772-425f-a436-3482c06d0669 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=np**pWiJ ]Ɋ& !XiJW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=91d2655d-6772-425f-a436-3482c06d0669 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Insp**hXiJ ]Ɋ& !XiJX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=91d2655d-6772-425f-a436-3482c06d0669 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=edoh**hYiJ ]Ɋ& !XiJY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=91d2655d-6772-425f-a436-3482c06d0669 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= hɊ& ]Ɋ& XiJZ F&]Ɋ& meX%{F F&e=ElfChnkZZH8W$Mu=VysMc&&**p ZiJ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! M!XiJZ F&F%g>9{p(xlMD EventDatauoData !BinaryVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=91d2655d-6772-425f-a436-3482c06d0669 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Xp **[iJ ]Ɋ&  !iJ[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=91d2655d-6772-425f-a436-3482c06d0669 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=00a07b69-7a14-4c82-841b-23490cf127f8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nc**\iJ ]Ɋ& !iJ\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=91d2655d-6772-425f-a436-3482c06d0669 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=00a07b69-7a14-4c82-841b-23490cf127f8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=atio**]iJ ]Ɋ& '!XiJ] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3135e637-51ca-4fb0-9978-e4f51426d2d9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=A**^iJ ]Ɋ& ?!XiJ^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3135e637-51ca-4fb0-9978-e4f51426d2d9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c**_iJ ]Ɋ& ;!XiJ_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3135e637-51ca-4fb0-9978-e4f51426d2d9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ost**`iJ ]Ɋ& 3!XiJ` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3135e637-51ca-4fb0-9978-e4f51426d2d9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam**aiJ ]Ɋ& 3!XiJa F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3135e637-51ca-4fb0-9978-e4f51426d2d9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t **biJ ]Ɋ& 5!XiJb F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3135e637-51ca-4fb0-9978-e4f51426d2d9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma**0ciJ ]Ɋ& !iJc F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3135e637-51ca-4fb0-9978-e4f51426d2d9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=5dab4fa9-1b1a-4c8d-898d-4b750d35b7ad PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=750**@diJ ]Ɋ& !iJd F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3135e637-51ca-4fb0-9978-e4f51426d2d9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=5dab4fa9-1b1a-4c8d-898d-4b750d35b7ad PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand@**e5L ]Ɋ& )!X5Le F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=136e3800-7be4-42c3-ad88-b27917c253e0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co**f5L ]Ɋ& A!X5Lf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=136e3800-7be4-42c3-ad88-b27917c253e0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=trin**g5L ]Ɋ& =!X5Lg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=136e3800-7be4-42c3-ad88-b27917c253e0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=la**h5L ]Ɋ& 5!X5Lh F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=136e3800-7be4-42c3-ad88-b27917c253e0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**i5L ]Ɋ& 5!X5Li F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=136e3800-7be4-42c3-ad88-b27917c253e0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**j5L ]Ɋ& 7!X5Lj F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=136e3800-7be4-42c3-ad88-b27917c253e0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**0k5L ]Ɋ& !5Lk F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=136e3800-7be4-42c3-ad88-b27917c253e0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ef3306e0-acc9-45a3-b02e-f4aa0645cb3c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b0**@lb?L ]Ɋ& !b?Ll F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=136e3800-7be4-42c3-ad88-b27917c253e0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ef3306e0-acc9-45a3-b02e-f4aa0645cb3c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=J@**Xmb?L ]Ɋ& !Xb?Lm F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=65096922-10ab-4488-ab88-d9f7a0c05e7a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pnb?L ]Ɋ& !Xb?Ln F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=65096922-10ab-4488-ab88-d9f7a0c05e7a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hob?L ]Ɋ& !Xb?Lo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=65096922-10ab-4488-ab88-d9f7a0c05e7a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`pb?L ]Ɋ& !Xb?Lp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=65096922-10ab-4488-ab88-d9f7a0c05e7a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`qb?L ]Ɋ& !Xb?Lq F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=65096922-10ab-4488-ab88-d9f7a0c05e7a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hrb?L ]Ɋ& !Xb?Lr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=65096922-10ab-4488-ab88-d9f7a0c05e7a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Vah**sb?L ]Ɋ&  !b?Ls F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=65096922-10ab-4488-ab88-d9f7a0c05e7a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=51f7b15a-8c8f-41a8-a8db-cd080585e559 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ineS**tױL ]Ɋ& !ױLt F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=65096922-10ab-4488-ab88-d9f7a0c05e7a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=51f7b15a-8c8f-41a8-a8db-cd080585e559 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **8uױL ]Ɋ& !XױLu F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=02209c73-56aa-4eec-aa75-e00a19268bc2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=am8**PvױL ]Ɋ& !XױLv F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=02209c73-56aa-4eec-aa75-e00a19268bc2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= PP**PwױL ]Ɋ& !XױLw F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=02209c73-56aa-4eec-aa75-e00a19268bc2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leSyP**HxױL ]Ɋ& !XױLx F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=02209c73-56aa-4eec-aa75-e00a19268bc2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH**HyױL ]Ɋ& !XױLy F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=02209c73-56aa-4eec-aa75-e00a19268bc2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iJH**HzױL ]Ɋ& !XױLz F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=02209c73-56aa-4eec-aa75-e00a19268bc2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!H**{ױL ]Ɋ& !ױL{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=02209c73-56aa-4eec-aa75-e00a19268bc2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3924e641-f75b-4b3b-b3a4-eb7eb1c4d870 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**|ױL ]Ɋ& !ױL| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=02209c73-56aa-4eec-aa75-e00a19268bc2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3924e641-f75b-4b3b-b3a4-eb7eb1c4d870 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X}pL ]Ɋ& !XpL} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6777e030-283e-494a-a9aa-2883e7964447 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p~pL ]Ɋ& !XpL~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6777e030-283e-494a-a9aa-2883e7964447 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Cp**hpL ]Ɋ& !XpL F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6777e030-283e-494a-a9aa-2883e7964447 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rth**`pL ]Ɋ& !XpL F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6777e030-283e-494a-a9aa-2883e7964447 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ps`**`pL ]Ɋ& !XpL F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6777e030-283e-494a-a9aa-2883e7964447 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=os`**`pL ]Ɋ& !XpL F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6777e030-283e-494a-a9aa-2883e7964447 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=q`**pL ]Ɋ& !pL F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6777e030-283e-494a-a9aa-2883e7964447 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=75102105-ed4a-4f92-add5-00e70f7764ab PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b**pL ]Ɋ& !pL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6777e030-283e-494a-a9aa-2883e7964447 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=75102105-ed4a-4f92-add5-00e70f7764ab PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(pL ]Ɋ& !XpL F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6c422a08-bb11-42db-bbc5-23239e80dbdb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@pL ]Ɋ& !XpL F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6c422a08-bb11-42db-bbc5-23239e80dbdb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S@**@pL ]Ɋ& !XpL F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6c422a08-bb11-42db-bbc5-23239e80dbdb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=etC@**8pL ]Ɋ& !XpL F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6c422a08-bb11-42db-bbc5-23239e80dbdb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yNa8**8pL ]Ɋ& !XpL F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6c422a08-bb11-42db-bbc5-23239e80dbdb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n-U8**8pL ]Ɋ& !XpL F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6c422a08-bb11-42db-bbc5-23239e80dbdb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**pL ]Ɋ& !pL F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6c422a08-bb11-42db-bbc5-23239e80dbdb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=93d97c2e-7b9c-437e-9a92-94c8133aa316 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**% L ]Ɋ& !% L F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6c422a08-bb11-42db-bbc5-23239e80dbdb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=93d97c2e-7b9c-437e-9a92-94c8133aa316 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== riptName=  ]Ɋ& XҴL F&XiJZ F&]Ɋ& meX%{F F&e=ElfChnkHSP݆Mu=VysMc&&**` ҴL ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! ?!XҴL F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6d4f88d9-41e5-438d-8538-eb7cc72d0fe9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ne` **pҴL ]Ɋ& !XҴL F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6d4f88d9-41e5-438d-8538-eb7cc72d0fe9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rp**pҴL ]Ɋ& !XҴL F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6d4f88d9-41e5-438d-8538-eb7cc72d0fe9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pelp**hҴL ]Ɋ& !XҴL F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6d4f88d9-41e5-438d-8538-eb7cc72d0fe9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmah**hҴL ]Ɋ& !XҴL F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6d4f88d9-41e5-438d-8538-eb7cc72d0fe9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hҴL ]Ɋ& !XҴL F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6d4f88d9-41e5-438d-8538-eb7cc72d0fe9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**ҴL ]Ɋ&  !ҴL F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6d4f88d9-41e5-438d-8538-eb7cc72d0fe9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=52793c0b-81f6-4c94-8bf5-5b5dc5bdf3c9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**kL ]Ɋ& !kL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6d4f88d9-41e5-438d-8538-eb7cc72d0fe9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=52793c0b-81f6-4c94-8bf5-5b5dc5bdf3c9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Comp**kL ]Ɋ& '!XkL F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=baf65ea2-4ef1-4dd1-b08e-4d8997b6d407 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**kL ]Ɋ& ?!XkL F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=baf65ea2-4ef1-4dd1-b08e-4d8997b6d407 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**kL ]Ɋ& ;!XkL F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=baf65ea2-4ef1-4dd1-b08e-4d8997b6d407 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3-a**kL ]Ɋ& 3!XkL F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=baf65ea2-4ef1-4dd1-b08e-4d8997b6d407 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g**kL ]Ɋ& 3!XkL F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=baf65ea2-4ef1-4dd1-b08e-4d8997b6d407 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ad8**kL ]Ɋ& 5!XkL F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=baf65ea2-4ef1-4dd1-b08e-4d8997b6d407 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&**0kL ]Ɋ& !kL F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=baf65ea2-4ef1-4dd1-b08e-4d8997b6d407 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=2f357356-1bbe-4fa8-a679-156aa088ddce PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ir0**@L ]Ɋ& !L F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=baf65ea2-4ef1-4dd1-b08e-4d8997b6d407 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=2f357356-1bbe-4fa8-a679-156aa088ddce PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**w;O ]Ɋ& )!Xw;O F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d634aa5f-62f8-4d93-ba41-c1688b2d9b2a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mman**w;O ]Ɋ& A!Xw;O F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d634aa5f-62f8-4d93-ba41-c1688b2d9b2a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **w;O ]Ɋ& =!Xw;O F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d634aa5f-62f8-4d93-ba41-c1688b2d9b2a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uc**w;O ]Ɋ& 5!Xw;O F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d634aa5f-62f8-4d93-ba41-c1688b2d9b2a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cu**w;O ]Ɋ& 5!Xw;O F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d634aa5f-62f8-4d93-ba41-c1688b2d9b2a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **w;O ]Ɋ& 7!Xw;O F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d634aa5f-62f8-4d93-ba41-c1688b2d9b2a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **0w;O ]Ɋ& !w;O F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d634aa5f-62f8-4d93-ba41-c1688b2d9b2a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9a230cb0-438c-4145-a310-634af3098cb2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r0**@;O ]Ɋ& !;O F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d634aa5f-62f8-4d93-ba41-c1688b2d9b2a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9a230cb0-438c-4145-a310-634af3098cb2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ngi@**X';O ]Ɋ& !X';O F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1f197a9c-dbfb-4203-bbb8-5ce3f8f9426c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p';O ]Ɋ& !X';O F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1f197a9c-dbfb-4203-bbb8-5ce3f8f9426c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Enp**h';O ]Ɋ& !X';O F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1f197a9c-dbfb-4203-bbb8-5ce3f8f9426c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**`';O ]Ɋ& !X';O F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1f197a9c-dbfb-4203-bbb8-5ce3f8f9426c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v`**`';O ]Ɋ& !X';O F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1f197a9c-dbfb-4203-bbb8-5ce3f8f9426c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g`**h';O ]Ɋ& !X';O F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1f197a9c-dbfb-4203-bbb8-5ce3f8f9426c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovih**';O ]Ɋ&  !';O F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1f197a9c-dbfb-4203-bbb8-5ce3f8f9426c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=be425254-8e2c-4053-bda9-a865f6bdfa7e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Con**';O ]Ɋ& !';O F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1f197a9c-dbfb-4203-bbb8-5ce3f8f9426c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=be425254-8e2c-4053-bda9-a865f6bdfa7e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=os**8';O ]Ɋ& !X';O F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1c2bc4d5-99f8-4c96-b55c-49c5dfe70b75 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eN8**P';O ]Ɋ& !X';O F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1c2bc4d5-99f8-4c96-b55c-49c5dfe70b75 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rtP**P';O ]Ɋ& !X';O F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1c2bc4d5-99f8-4c96-b55c-49c5dfe70b75 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=roviP**H';O ]Ɋ& !X';O F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1c2bc4d5-99f8-4c96-b55c-49c5dfe70b75 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ctioH**H';O ]Ɋ& !X';O F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1c2bc4d5-99f8-4c96-b55c-49c5dfe70b75 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iderH**H';O ]Ɋ& !X';O F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1c2bc4d5-99f8-4c96-b55c-49c5dfe70b75 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=artH**';O ]Ɋ& !';O F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1c2bc4d5-99f8-4c96-b55c-49c5dfe70b75 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2983b7f8-b795-42de-982a-ed0bddc2cf79 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **';O ]Ɋ& !';O F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1c2bc4d5-99f8-4c96-b55c-49c5dfe70b75 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2983b7f8-b795-42de-982a-ed0bddc2cf79 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**XA;O ]Ɋ& !XA;O F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3e2817cd-8d14-4122-9343-87d90175b5bc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pA;O ]Ɋ& !XA;O F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3e2817cd-8d14-4122-9343-87d90175b5bc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommap**hA;O ]Ɋ& !XA;O F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3e2817cd-8d14-4122-9343-87d90175b5bc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eh**`A;O ]Ɋ& !XA;O F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3e2817cd-8d14-4122-9343-87d90175b5bc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m.`**`A;O ]Ɋ& !XA;O F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3e2817cd-8d14-4122-9343-87d90175b5bc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-H`**`A;O ]Ɋ& !XA;O F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3e2817cd-8d14-4122-9343-87d90175b5bc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**A;O ]Ɋ& !A;O F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3e2817cd-8d14-4122-9343-87d90175b5bc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=da559f03-b575-4813-bfa0-198d4e9b30fb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**A;O ]Ɋ& !A;O F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3e2817cd-8d14-4122-9343-87d90175b5bc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=da559f03-b575-4813-bfa0-198d4e9b30fb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(A;O ]Ɋ& !XA;O F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9cf7da27-c5cc-4264-8901-b7c75b86a981 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@A;O ]Ɋ& !XA;O F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9cf7da27-c5cc-4264-8901-b7c75b86a981 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @riptName=  ]Ɋ& XA;O F&XiJZ F&]Ɋ& meX%{F F&e=ElfChnkPI8ӼlMu=VysMc&&**@ A;O ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! #!XA;O F&F%g>9{p(xlMD EventDatauoData !BinarypFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9cf7da27-c5cc-4264-8901-b7c75b86a981 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@ **8A;O ]Ɋ& !XA;O F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9cf7da27-c5cc-4264-8901-b7c75b86a981 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=llD8**8A;O ]Ɋ& !XA;O F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9cf7da27-c5cc-4264-8901-b7c75b86a981 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rre8**8A;O ]Ɋ& !XA;O F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9cf7da27-c5cc-4264-8901-b7c75b86a981 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**A;O ]Ɋ& !A;O F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9cf7da27-c5cc-4264-8901-b7c75b86a981 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=57ea1563-719a-4768-a0d9-50fe119cd3a9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Re**T;O ]Ɋ& !T;O F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9cf7da27-c5cc-4264-8901-b7c75b86a981 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=57ea1563-719a-4768-a0d9-50fe119cd3a9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**X;O ]Ɋ& !X;O F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c4312020-cd8d-4b9c-817b-22f6f882422f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nX**p;O ]Ɋ& !X;O F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c4312020-cd8d-4b9c-817b-22f6f882422f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**p;O ]Ɋ& !X;O F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c4312020-cd8d-4b9c-817b-22f6f882422f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Pp**h;O ]Ɋ& !X;O F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c4312020-cd8d-4b9c-817b-22f6f882422f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ch**h;O ]Ɋ& !X;O F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c4312020-cd8d-4b9c-817b-22f6f882422f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h;O ]Ɋ& !X;O F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c4312020-cd8d-4b9c-817b-22f6f882422f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rth**;O ]Ɋ&  !;O F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c4312020-cd8d-4b9c-817b-22f6f882422f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=12743e09-6ab7-4d67-b78f-a0e7b10f7f8a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**<;O ]Ɋ& !<;O F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c4312020-cd8d-4b9c-817b-22f6f882422f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=12743e09-6ab7-4d67-b78f-a0e7b10f7f8a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ix -**<;O ]Ɋ& '!X<;O F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=751e6e55-0ea0-44f2-9d3b-8fb614f956f7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**<;O ]Ɋ& ?!X<;O F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=751e6e55-0ea0-44f2-9d3b-8fb614f956f7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**<;O ]Ɋ& ;!X<;O F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=751e6e55-0ea0-44f2-9d3b-8fb614f956f7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-4d**<;O ]Ɋ& 3!X<;O F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=751e6e55-0ea0-44f2-9d3b-8fb614f956f7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=****<;O ]Ɋ& 3!X<;O F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=751e6e55-0ea0-44f2-9d3b-8fb614f956f7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d93**<;O ]Ɋ& 5!X<;O F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=751e6e55-0ea0-44f2-9d3b-8fb614f956f7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0<;O ]Ɋ& !<;O F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=751e6e55-0ea0-44f2-9d3b-8fb614f956f7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=ff232499-59e8-4270-9e4a-a1b25b09ce08 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ne0**@D;O ]Ɋ& !D;O F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=751e6e55-0ea0-44f2-9d3b-8fb614f956f7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=ff232499-59e8-4270-9e4a-a1b25b09ce08 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**LʝQ ]Ɋ& )!XLʝQ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=060dfbe9-f5e0-4b4f-8ae2-ec0df6bfd7ee HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co**LʝQ ]Ɋ& A!XLʝQ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=060dfbe9-f5e0-4b4f-8ae2-ec0df6bfd7ee HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceId**LʝQ ]Ɋ& =!XLʝQ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=060dfbe9-f5e0-4b4f-8ae2-ec0df6bfd7ee HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pr**LʝQ ]Ɋ& 5!XLʝQ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=060dfbe9-f5e0-4b4f-8ae2-ec0df6bfd7ee HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t/**LʝQ ]Ɋ& 5!XLʝQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=060dfbe9-f5e0-4b4f-8ae2-ec0df6bfd7ee HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=42**LʝQ ]Ɋ& 7!XLʝQ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=060dfbe9-f5e0-4b4f-8ae2-ec0df6bfd7ee HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**0LʝQ ]Ɋ& !LʝQ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=060dfbe9-f5e0-4b4f-8ae2-ec0df6bfd7ee HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=43c22788-e863-4b56-bb98-caaded128d5d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u0**@}˝Q ]Ɋ& !}˝Q F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=060dfbe9-f5e0-4b4f-8ae2-ec0df6bfd7ee HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=43c22788-e863-4b56-bb98-caaded128d5d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=New@**X̝߮Q ]Ɋ& !X̝߮Q F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1d9d5097-698f-4d26-9746-2eeb0aa3e1b8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p̝߮Q ]Ɋ& !X̝߮Q F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1d9d5097-698f-4d26-9746-2eeb0aa3e1b8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h̝߮Q ]Ɋ& !X̝߮Q F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1d9d5097-698f-4d26-9746-2eeb0aa3e1b8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mh**`̝߮Q ]Ɋ& !X̝߮Q F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1d9d5097-698f-4d26-9746-2eeb0aa3e1b8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`̝߮Q ]Ɋ& !X̝߮Q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1d9d5097-698f-4d26-9746-2eeb0aa3e1b8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e`**h̝߮Q ]Ɋ& !X̝߮Q F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1d9d5097-698f-4d26-9746-2eeb0aa3e1b8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPh**̝߮Q ]Ɋ&  !̝߮Q F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1d9d5097-698f-4d26-9746-2eeb0aa3e1b8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b9506ffd-93d6-4e60-8f8b-6f5e0eacee27 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**̝߮Q ]Ɋ& !̝߮Q F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1d9d5097-698f-4d26-9746-2eeb0aa3e1b8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b9506ffd-93d6-4e60-8f8b-6f5e0eacee27 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **8uG͝Q ]Ɋ& !XuG͝Q F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c3bf1371-7692-4a84-8ba6-0d6d5fb21fef HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ue8**PuG͝Q ]Ɋ& !XuG͝Q F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c3bf1371-7692-4a84-8ba6-0d6d5fb21fef HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==SP**PuG͝Q ]Ɋ& !XuG͝Q F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c3bf1371-7692-4a84-8ba6-0d6d5fb21fef HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPP**HuG͝Q ]Ɋ& !XuG͝Q F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c3bf1371-7692-4a84-8ba6-0d6d5fb21fef HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==FunH**HuG͝Q ]Ɋ& !XuG͝Q F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c3bf1371-7692-4a84-8ba6-0d6d5fb21fef HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ProvH**HuG͝Q ]Ɋ& !XuG͝Q F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c3bf1371-7692-4a84-8ba6-0d6d5fb21fef HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eSH**uG͝Q ]Ɋ& !uG͝Q F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c3bf1371-7692-4a84-8ba6-0d6d5fb21fef HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e2d26b18-9c71-40ff-bdc0-256ffcbbe2e1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lab**uG͝Q ]Ɋ& !uG͝Q F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c3bf1371-7692-4a84-8ba6-0d6d5fb21fef HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e2d26b18-9c71-40ff-bdc0-256ffcbbe2e1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**XuG͝Q ]Ɋ& !XuG͝Q F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3d365083-2ffc-4572-a7e5-8a9f446211b7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=;OX**puG͝Q ]Ɋ& !XuG͝Q F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3d365083-2ffc-4572-a7e5-8a9f446211b7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Cp**huG͝Q ]Ɋ& !XuG͝Q F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3d365083-2ffc-4572-a7e5-8a9f446211b7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 h EngineVersi ]Ɋ&  XuG͝Q F&CommandPath= CommandLine= @riptName=  ]Ɋ& XA;O F&XiJZ F&]Ɋ& meX%{F F&e=ElfChnk XB}L Mu=VysMc&&**huG͝Q ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! E!XuG͝Q F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3d365083-2ffc-4572-a7e5-8a9f446211b7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sioh**`uG͝Q ]Ɋ& !XuG͝Q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3d365083-2ffc-4572-a7e5-8a9f446211b7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cu`**`uG͝Q ]Ɋ& !XuG͝Q F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3d365083-2ffc-4572-a7e5-8a9f446211b7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@`**uG͝Q ]Ɋ& !uG͝Q F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3d365083-2ffc-4572-a7e5-8a9f446211b7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b3950548-39ca-4b90-8562-b39e5dca352d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **uG͝Q ]Ɋ& !uG͝Q F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3d365083-2ffc-4572-a7e5-8a9f446211b7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b3950548-39ca-4b90-8562-b39e5dca352d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**( ͝Q ]Ɋ& !X ͝Q F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b501d3c4-9ed7-48b3-a798-d20a9b47082c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a(**@ ͝Q ]Ɋ& !X ͝Q F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b501d3c4-9ed7-48b3-a798-d20a9b47082c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m@**@ ͝Q ]Ɋ& !X ͝Q F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b501d3c4-9ed7-48b3-a798-d20a9b47082c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C@**8 ͝Q ]Ɋ& !X ͝Q F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b501d3c4-9ed7-48b3-a798-d20a9b47082c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n-U8**8 ͝Q ]Ɋ& !X ͝Q F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b501d3c4-9ed7-48b3-a798-d20a9b47082c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion8**8 ͝Q ]Ɋ& !X ͝Q F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b501d3c4-9ed7-48b3-a798-d20a9b47082c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=RE8** ͝Q ]Ɋ& ! ͝Q F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b501d3c4-9ed7-48b3-a798-d20a9b47082c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b05944a4-9812-4075-81fc-8f480c2aceae PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**xΝQ ]Ɋ& !xΝQ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b501d3c4-9ed7-48b3-a798-d20a9b47082c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b05944a4-9812-4075-81fc-8f480c2aceae PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ider**XsѝQ ]Ɋ& !XsѝQ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f4f45ad9-c5a8-45d1-8992-1e3a1ab03b5a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**psѝQ ]Ɋ& !XsѝQ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f4f45ad9-c5a8-45d1-8992-1e3a1ab03b5a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**psѝQ ]Ɋ& !XsѝQ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f4f45ad9-c5a8-45d1-8992-1e3a1ab03b5a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hsѝQ ]Ɋ& !XsѝQ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f4f45ad9-c5a8-45d1-8992-1e3a1ab03b5a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sth**hsѝQ ]Ɋ& !XsѝQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f4f45ad9-c5a8-45d1-8992-1e3a1ab03b5a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Seqh**hsѝQ ]Ɋ& !XsѝQ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f4f45ad9-c5a8-45d1-8992-1e3a1ab03b5a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=75h**sѝQ ]Ɋ&  !sѝQ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f4f45ad9-c5a8-45d1-8992-1e3a1ab03b5a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8c3ca31a-8f74-4900-a522-238129a9db93 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **) ҝQ ]Ɋ& !) ҝQ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f4f45ad9-c5a8-45d1-8992-1e3a1ab03b5a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8c3ca31a-8f74-4900-a522-238129a9db93 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=base**) ҝQ ]Ɋ& '!X) ҝQ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f5df665a-5f39-446f-b6ac-13de270d344b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**) ҝQ ]Ɋ& ?!X) ҝQ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f5df665a-5f39-446f-b6ac-13de270d344b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=B**) ҝQ ]Ɋ& ;!X) ҝQ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f5df665a-5f39-446f-b6ac-13de270d344b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eVe**) ҝQ ]Ɋ& 3!X) ҝQ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f5df665a-5f39-446f-b6ac-13de270d344b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=F** ) ҝQ ]Ɋ& 3!X) ҝQ  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f5df665a-5f39-446f-b6ac-13de270d344b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ers** ) ҝQ ]Ɋ& 5!X) ҝQ  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f5df665a-5f39-446f-b6ac-13de270d344b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP**0 ) ҝQ ]Ɋ& !) ҝQ  F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f5df665a-5f39-446f-b6ac-13de270d344b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=3547373b-97a5-4b09-853a-d80ce7af2027 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=280**@ ҝQ ]Ɋ& !ҝQ  F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f5df665a-5f39-446f-b6ac-13de270d344b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=3547373b-97a5-4b09-853a-d80ce7af2027 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed @** ɞT ]Ɋ& )!XɞT  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5e363f54-0f74-4775-bcfe-0bd08cf98fcb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**ɞT ]Ɋ& A!XɞT F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5e363f54-0f74-4775-bcfe-0bd08cf98fcb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**ɞT ]Ɋ& =!XɞT F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5e363f54-0f74-4775-bcfe-0bd08cf98fcb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **ɞT ]Ɋ& 5!XɞT F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5e363f54-0f74-4775-bcfe-0bd08cf98fcb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**ɞT ]Ɋ& 5!XɞT F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5e363f54-0f74-4775-bcfe-0bd08cf98fcb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pr**ɞT ]Ɋ& 7!XɞT F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5e363f54-0f74-4775-bcfe-0bd08cf98fcb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**0ɞT ]Ɋ& !ɞT F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5e363f54-0f74-4775-bcfe-0bd08cf98fcb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9a16988e-89e6-4712-bd46-b9f011179e5a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@T ]Ɋ& !T F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5e363f54-0f74-4775-bcfe-0bd08cf98fcb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9a16988e-89e6-4712-bd46-b9f011179e5a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==1d@**XT ]Ɋ& !XT F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cb2afae6-4e7a-4477-ba47-267c5a47d04e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ConX**pT ]Ɋ& !XT F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cb2afae6-4e7a-4477-ba47-267c5a47d04e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVp**hT ]Ɋ& !XT F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cb2afae6-4e7a-4477-ba47-267c5a47d04e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Hh**`T ]Ɋ& !XT F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cb2afae6-4e7a-4477-ba47-267c5a47d04e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3`**`T ]Ɋ& !XT F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cb2afae6-4e7a-4477-ba47-267c5a47d04e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4`**hT ]Ɋ& !XT F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cb2afae6-4e7a-4477-ba47-267c5a47d04e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fb21h**T ]Ɋ&  !T F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cb2afae6-4e7a-4477-ba47-267c5a47d04e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7c6e1d96-21e7-41a4-a228-a8c765472381 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=us |**T ]Ɋ& !T F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cb2afae6-4e7a-4477-ba47-267c5a47d04e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7c6e1d96-21e7-41a4-a228-a8c765472381 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sE**8T ]Ɋ& !XT F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a88ad69b-82ba-402b-b517-6a3b7c699157 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=el8**PT ]Ɋ& !XT F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a88ad69b-82ba-402b-b517-6a3b7c699157 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=liP**PT ]Ɋ& !XT F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a88ad69b-82ba-402b-b517-6a3b7c699157 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6211P**H T ]Ɋ& !XT  F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a88ad69b-82ba-402b-b517-6a3b7c699157 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH]Ɋ& ]Ɋ& {FXT! ElfChnk!Q!QHIi2#!Mu=VysMc&&**H!T ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! )!XT! F&F%g>9{p(xlMD EventDatauoData !BinaryvRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a88ad69b-82ba-402b-b517-6a3b7c699157 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mH**H"T ]Ɋ& !XT" F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a88ad69b-82ba-402b-b517-6a3b7c699157 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmaH**#T ]Ɋ& !T# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a88ad69b-82ba-402b-b517-6a3b7c699157 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4eede5ab-3abd-4d15-a945-463e5620c78d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**$T ]Ɋ& !T$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a88ad69b-82ba-402b-b517-6a3b7c699157 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4eede5ab-3abd-4d15-a945-463e5620c78d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**X%T ]Ɋ& !XT% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8bfb6732-9443-4107-9ff5-9a45693c9aee HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ComX**p&T ]Ɋ& !XT& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8bfb6732-9443-4107-9ff5-9a45693c9aee HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allep**h'T ]Ɋ& !XT' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8bfb6732-9443-4107-9ff5-9a45693c9aee HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='ih**`(T ]Ɋ& !XT( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8bfb6732-9443-4107-9ff5-9a45693c9aee HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ow`**`)T ]Ɋ& !XT) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8bfb6732-9443-4107-9ff5-9a45693c9aee HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`*T ]Ɋ& !XT* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8bfb6732-9443-4107-9ff5-9a45693c9aee HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**+T ]Ɋ& !T+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8bfb6732-9443-4107-9ff5-9a45693c9aee HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=83716e85-d7bd-48ff-8533-e23919452bf1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ͱ**,.,T ]Ɋ& !.,T, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8bfb6732-9443-4107-9ff5-9a45693c9aee HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=83716e85-d7bd-48ff-8533-e23919452bf1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **(-.,T ]Ɋ& !X.,T- F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=36316ec0-12d5-497a-97d5-35936795f45a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e(**@..,T ]Ɋ& !X.,T. F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=36316ec0-12d5-497a-97d5-35936795f45a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n@**@/.,T ]Ɋ& !X.,T/ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=36316ec0-12d5-497a-97d5-35936795f45a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e]:@**80.,T ]Ɋ& !X.,T0 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=36316ec0-12d5-497a-97d5-35936795f45a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tal8**81.,T ]Ɋ& !X.,T1 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=36316ec0-12d5-497a-97d5-35936795f45a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.08**82.,T ]Ɋ& !X.,T2 F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=36316ec0-12d5-497a-97d5-35936795f45a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**3.,T ]Ɋ& !.,T3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=36316ec0-12d5-497a-97d5-35936795f45a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=cf33804d-1b40-4f4c-8fe5-f7710c28fdd8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **4ġT ]Ɋ& !ġT4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=36316ec0-12d5-497a-97d5-35936795f45a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=cf33804d-1b40-4f4c-8fe5-f7710c28fdd8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=trin**X5T ]Ɋ& !XT5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cdd707e7-787b-4f35-931d-5bef881e4a62 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p6T ]Ɋ& !XT6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cdd707e7-787b-4f35-931d-5bef881e4a62 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**p7T ]Ɋ& !XT7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cdd707e7-787b-4f35-931d-5bef881e4a62 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Culp**h8T ]Ɋ& !XT8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cdd707e7-787b-4f35-931d-5bef881e4a62 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Obh**h9T ]Ɋ& !XT9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cdd707e7-787b-4f35-931d-5bef881e4a62 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Pih**h:T ]Ɋ& !XT: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cdd707e7-787b-4f35-931d-5bef881e4a62 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ath**;T ]Ɋ&  !T; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cdd707e7-787b-4f35-931d-5bef881e4a62 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=49f4475b-32c4-411f-b7c7-5cdcde746c63 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**<T ]Ɋ& !T< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cdd707e7-787b-4f35-931d-5bef881e4a62 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=49f4475b-32c4-411f-b7c7-5cdcde746c63 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ame=**='T ]Ɋ& '!X'T= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1ece8784-6892-435f-afe0-7a9dc061f30f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **>'T ]Ɋ& ?!X'T> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1ece8784-6892-435f-afe0-7a9dc061f30f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**?'T ]Ɋ& ;!X'T? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1ece8784-6892-435f-afe0-7a9dc061f30f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed**@'T ]Ɋ& 3!X'T@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1ece8784-6892-435f-afe0-7a9dc061f30f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=th **A'T ]Ɋ& 3!X'TA F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1ece8784-6892-435f-afe0-7a9dc061f30f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rov**B'T ]Ɋ& 5!X'TB F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1ece8784-6892-435f-afe0-7a9dc061f30f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=En**0C'T ]Ɋ& !'TC F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1ece8784-6892-435f-afe0-7a9dc061f30f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=974e1bc4-9f6f-453f-8238-f2ecdf3ab744 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=en0**@DT ]Ɋ& !TD F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1ece8784-6892-435f-afe0-7a9dc061f30f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=974e1bc4-9f6f-453f-8238-f2ecdf3ab744 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-b9f@**E6V ]Ɋ& )!X6VE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=022829a2-b598-4e26-9693-5e7843a794c2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayNa**F6V ]Ɋ& A!X6VF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=022829a2-b598-4e26-9693-5e7843a794c2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pace**G6V ]Ɋ& =!X6VG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=022829a2-b598-4e26-9693-5e7843a794c2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=26**H6V ]Ɋ& 5!X6VH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=022829a2-b598-4e26-9693-5e7843a794c2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C**I6V ]Ɋ& 5!X6VI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=022829a2-b598-4e26-9693-5e7843a794c2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr**J6V ]Ɋ& 7!X6VJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=022829a2-b598-4e26-9693-5e7843a794c2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0K6V ]Ɋ& !6VK F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=022829a2-b598-4e26-9693-5e7843a794c2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0da31375-803d-4545-9eaf-fde38b513444 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@LͯV ]Ɋ& !ͯVL F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=022829a2-b598-4e26-9693-5e7843a794c2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0da31375-803d-4545-9eaf-fde38b513444 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm@**XMͯV ]Ɋ& !XͯVM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d4d3c7e8-47b0-40f3-9f23-46c640f8e945 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNaX**pNͯV ]Ɋ& !XͯVN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d4d3c7e8-47b0-40f3-9f23-46c640f8e945 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNp**hOͯV ]Ɋ& !XͯVO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d4d3c7e8-47b0-40f3-9f23-46c640f8e945 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**`PͯV ]Ɋ& !XͯVP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d4d3c7e8-47b0-40f3-9f23-46c640f8e945 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`QͯV ]Ɋ& !XͯVQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d4d3c7e8-47b0-40f3-9f23-46c640f8e945 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==` FH] ]Ɋ& XͯVR F& ElfChnkRRĤ9ڻMu=VysMc&&**hRͯV ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! I!XͯVR F&F%g>9{p(xlMD EventDatauoData !BinaryVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d4d3c7e8-47b0-40f3-9f23-46c640f8e945 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**SͯV ]Ɋ&  !ͯVS F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d4d3c7e8-47b0-40f3-9f23-46c640f8e945 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b580079c-2e3e-42de-a2e0-d969bdd63397 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**TcH V ]Ɋ& !cH VT F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d4d3c7e8-47b0-40f3-9f23-46c640f8e945 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b580079c-2e3e-42de-a2e0-d969bdd63397 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8UcH V ]Ɋ& !XcH VU F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=872c2509-e23b-4e2c-b70e-c16c5e807cb8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**PVcH V ]Ɋ& !XcH VV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=872c2509-e23b-4e2c-b70e-c16c5e807cb8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**PWcH V ]Ɋ& !XcH VW F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=872c2509-e23b-4e2c-b70e-c16c5e807cb8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&P**HXcH V ]Ɋ& !XcH VX F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=872c2509-e23b-4e2c-b70e-c16c5e807cb8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**H**HYcH V ]Ɋ& !XcH VY F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=872c2509-e23b-4e2c-b70e-c16c5e807cb8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dLinH**HZcH V ]Ɋ& !XcH VZ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=872c2509-e23b-4e2c-b70e-c16c5e807cb8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= H**[cH V ]Ɋ& !cH V[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=872c2509-e23b-4e2c-b70e-c16c5e807cb8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=61b66774-c85b-4278-936c-a86cfcf28e1c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=+**\cH V ]Ɋ& !cH V\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=872c2509-e23b-4e2c-b70e-c16c5e807cb8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=61b66774-c85b-4278-936c-a86cfcf28e1c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=͠**X]cH V ]Ɋ& !XcH V] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3c224a22-3e54-4f64-bb48-16f88678b3a0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=TypeX**p^cH V ]Ɋ& !XcH V^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3c224a22-3e54-4f64-bb48-16f88678b3a0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| sep**h_cH V ]Ɋ& !XcH V_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3c224a22-3e54-4f64-bb48-16f88678b3a0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=edh**``cH V ]Ɋ& !XcH V` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3c224a22-3e54-4f64-bb48-16f88678b3a0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l `**`acH V ]Ɋ& !XcH Va F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3c224a22-3e54-4f64-bb48-16f88678b3a0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Na`**`bcH V ]Ɋ& !XcH Vb F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3c224a22-3e54-4f64-bb48-16f88678b3a0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**ccH V ]Ɋ& !cH Vc F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3c224a22-3e54-4f64-bb48-16f88678b3a0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9d9238a1-f346-463a-a4e5-93c2cdaf6789 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**d V ]Ɋ& ! Vd F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3c224a22-3e54-4f64-bb48-16f88678b3a0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9d9238a1-f346-463a-a4e5-93c2cdaf6789 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptN**(e V ]Ɋ& !X Ve F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=273e9638-98f8-43cd-8d7c-ae756ad55649 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p(**@f V ]Ɋ& !X Vf F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=273e9638-98f8-43cd-8d7c-ae756ad55649 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==@**@g V ]Ɋ& !X Vg F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=273e9638-98f8-43cd-8d7c-ae756ad55649 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e($@**8h V ]Ɋ& !X Vh F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=273e9638-98f8-43cd-8d7c-ae756ad55649 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HK8**8i V ]Ɋ& !X Vi F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=273e9638-98f8-43cd-8d7c-ae756ad55649 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stI8**8j V ]Ɋ& !X Vj F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=273e9638-98f8-43cd-8d7c-ae756ad55649 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**k V ]Ɋ& ! Vk F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=273e9638-98f8-43cd-8d7c-ae756ad55649 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=4810cccc-f5a5-4c78-96ce-a0e2b6e2f07b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=an**ly V ]Ɋ& !y Vl F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=273e9638-98f8-43cd-8d7c-ae756ad55649 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=4810cccc-f5a5-4c78-96ce-a0e2b6e2f07b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**XmTC V ]Ɋ& !XTC Vm F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5bc131ef-d970-4f27-a4c2-1ec67e341b38 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iX**pnTC V ]Ɋ& !XTC Vn F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5bc131ef-d970-4f27-a4c2-1ec67e341b38 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**poTC V ]Ɋ& !XTC Vo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5bc131ef-d970-4f27-a4c2-1ec67e341b38 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nfop**hpTC V ]Ɋ& !XTC Vp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5bc131ef-d970-4f27-a4c2-1ec67e341b38 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Insh**hqTC V ]Ɋ& !XTC Vq F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5bc131ef-d970-4f27-a4c2-1ec67e341b38 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eIdh**hrTC V ]Ɋ& !XTC Vr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5bc131ef-d970-4f27-a4c2-1ec67e341b38 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omh**sTC V ]Ɋ&  !TC Vs F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5bc131ef-d970-4f27-a4c2-1ec67e341b38 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2163c0b1-48b1-467d-8994-d98df8721291 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**tTC V ]Ɋ& !TC Vt F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5bc131ef-d970-4f27-a4c2-1ec67e341b38 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2163c0b1-48b1-467d-8994-d98df8721291 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oleH**u V ]Ɋ& '!X Vu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=16b221da-b9e3-4955-8b91-0e39d6a60da6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**v V ]Ɋ& ?!X Vv F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=16b221da-b9e3-4955-8b91-0e39d6a60da6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v**w V ]Ɋ& ;!X Vw F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=16b221da-b9e3-4955-8b91-0e39d6a60da6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ide**x V ]Ɋ& 3!X Vx F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=16b221da-b9e3-4955-8b91-0e39d6a60da6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **y V ]Ɋ& 3!X Vy F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=16b221da-b9e3-4955-8b91-0e39d6a60da6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ame**z V ]Ɋ& 5!X Vz F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=16b221da-b9e3-4955-8b91-0e39d6a60da6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rs**0{ V ]Ɋ& ! V{ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=16b221da-b9e3-4955-8b91-0e39d6a60da6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=05fdc7f8-bf67-44b9-8ac2-65522ff21550 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er0**@|t V ]Ɋ& !t V| F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=16b221da-b9e3-4955-8b91-0e39d6a60da6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=05fdc7f8-bf67-44b9-8ac2-65522ff21550 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1344@**}f\X ]Ɋ& )!Xf\X} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5155640e-8218-400c-84c3-9de3c253be6d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=prod**~f\X ]Ɋ& A!Xf\X~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5155640e-8218-400c-84c3-9de3c253be6d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t/Se**f\X ]Ɋ& =!Xf\X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5155640e-8218-400c-84c3-9de3c253be6d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e9**f\X ]Ɋ& 5!Xf\X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5155640e-8218-400c-84c3-9de3c253be6d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**f\X ]Ɋ& 5!Xf\X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5155640e-8218-400c-84c3-9de3c253be6d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP**f\X ]Ɋ& 7!Xf\X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5155640e-8218-400c-84c3-9de3c253be6d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnk_Gg:Mu=VysMc&&**8f\X ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !f\X F&F%g>9{p(xlMD EventDatauoData !BinarydAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5155640e-8218-400c-84c3-9de3c253be6d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5949967f-e6bf-4b2c-8982-1b4a1b30cc3c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dP8**@ h\X ]Ɋ& ! h\X F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5155640e-8218-400c-84c3-9de3c253be6d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5949967f-e6bf-4b2c-8982-1b4a1b30cc3c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=neI@**X h\X ]Ɋ& !X h\X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ee4b53d9-1833-4e7a-aaba-38407384d627 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nspX**p h\X ]Ɋ& !X h\X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ee4b53d9-1833-4e7a-aaba-38407384d627 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=p**h h\X ]Ɋ& !X h\X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ee4b53d9-1833-4e7a-aaba-38407384d627 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ih**` h\X ]Ɋ& !X h\X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ee4b53d9-1833-4e7a-aaba-38407384d627 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l`**` h\X ]Ɋ& !X h\X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ee4b53d9-1833-4e7a-aaba-38407384d627 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m`**h h\X ]Ɋ& !X h\X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ee4b53d9-1833-4e7a-aaba-38407384d627 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Commh** h\X ]Ɋ&  ! h\X F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ee4b53d9-1833-4e7a-aaba-38407384d627 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=083cc530-d934-489a-953f-d97ef90e4fac PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==** h\X ]Ɋ& ! h\X F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ee4b53d9-1833-4e7a-aaba-38407384d627 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=083cc530-d934-489a-953f-d97ef90e4fac PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8 h\X ]Ɋ& !X h\X F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=32a5870b-0a8e-4ecb-8130-c903be7e7797 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me8**P h\X ]Ɋ& !X h\X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=32a5870b-0a8e-4ecb-8130-c903be7e7797 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=amP**P h\X ]Ɋ& !X h\X F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=32a5870b-0a8e-4ecb-8130-c903be7e7797 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=andTP**H h\X ]Ɋ& !X h\X F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=32a5870b-0a8e-4ecb-8130-c903be7e7797 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommaH**H h\X ]Ɋ& !X h\X F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=32a5870b-0a8e-4ecb-8130-c903be7e7797 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=elinH**H h\X ]Ɋ& !X h\X F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=32a5870b-0a8e-4ecb-8130-c903be7e7797 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceIH** h\X ]Ɋ& ! h\X F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=32a5870b-0a8e-4ecb-8130-c903be7e7797 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9976867a-6201-4397-b2a9-9555c411abcd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndN**h\X ]Ɋ& !h\X F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=32a5870b-0a8e-4ecb-8130-c903be7e7797 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9976867a-6201-4397-b2a9-9555c411abcd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **Xh\X ]Ɋ& !Xh\X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cae8993a-c162-4e1e-810d-07a61d83bfd8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==9d9X**ph\X ]Ɋ& !Xh\X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cae8993a-c162-4e1e-810d-07a61d83bfd8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izatp**hh\X ]Ɋ& !Xh\X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cae8993a-c162-4e1e-810d-07a61d83bfd8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=seh**`h\X ]Ɋ& !Xh\X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cae8993a-c162-4e1e-810d-07a61d83bfd8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0`**`h\X ]Ɋ& !Xh\X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cae8993a-c162-4e1e-810d-07a61d83bfd8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ov`**`h\X ]Ɋ& !Xh\X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cae8993a-c162-4e1e-810d-07a61d83bfd8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**h\X ]Ɋ& !h\X F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cae8993a-c162-4e1e-810d-07a61d83bfd8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=be9d2d7d-ad2e-4166-98a5-58ba9903bbc4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**h\X ]Ɋ& !h\X F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cae8993a-c162-4e1e-810d-07a61d83bfd8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=be9d2d7d-ad2e-4166-98a5-58ba9903bbc4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ine**(h\X ]Ɋ& !Xh\X F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=64701a6c-0999-4a87-80b9-9552d91f90fb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@h\X ]Ɋ& !Xh\X F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=64701a6c-0999-4a87-80b9-9552d91f90fb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o@**@h\X ]Ɋ& !Xh\X F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=64701a6c-0999-4a87-80b9-9552d91f90fb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=spl@**8h\X ]Ɋ& !Xh\X F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=64701a6c-0999-4a87-80b9-9552d91f90fb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tur8**8h\X ]Ɋ& !Xh\X F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=64701a6c-0999-4a87-80b9-9552d91f90fb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sta8**8h\X ]Ɋ& !Xh\X F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=64701a6c-0999-4a87-80b9-9552d91f90fb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**h\X ]Ɋ& !h\X F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=64701a6c-0999-4a87-80b9-9552d91f90fb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=f9c3c320-471d-4ab9-93c4-68978d986b87 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ru**F;i\X ]Ɋ& !F;i\X F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=64701a6c-0999-4a87-80b9-9552d91f90fb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=f9c3c320-471d-4ab9-93c4-68978d986b87 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion.**X k\X ]Ɋ& !X k\X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f5ebc85c-15a0-43ec-9b54-b2a802fc2e1a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=aX**p k\X ]Ɋ& !X k\X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f5ebc85c-15a0-43ec-9b54-b2a802fc2e1a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=zp**p k\X ]Ɋ& !X k\X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f5ebc85c-15a0-43ec-9b54-b2a802fc2e1a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tiep**h k\X ]Ɋ& !X k\X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f5ebc85c-15a0-43ec-9b54-b2a802fc2e1a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eInh**h k\X ]Ɋ& !X k\X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f5ebc85c-15a0-43ec-9b54-b2a802fc2e1a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sorh**h k\X ]Ɋ& !X k\X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f5ebc85c-15a0-43ec-9b54-b2a802fc2e1a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h** k\X ]Ɋ&  ! k\X F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f5ebc85c-15a0-43ec-9b54-b2a802fc2e1a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=332ab9f6-c0b3-4361-bc1c-e80d3f92d077 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**k\X ]Ɋ& !k\X F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f5ebc85c-15a0-43ec-9b54-b2a802fc2e1a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=332ab9f6-c0b3-4361-bc1c-e80d3f92d077 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Var**k\X ]Ɋ& '!Xk\X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ecc1941c-80a0-4961-a55f-773d8e253689 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**k\X ]Ɋ& ?!Xk\X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ecc1941c-80a0-4961-a55f-773d8e253689 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**k\X ]Ɋ& ;!Xk\X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ecc1941c-80a0-4961-a55f-773d8e253689 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**k\X ]Ɋ& 3!Xk\X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ecc1941c-80a0-4961-a55f-773d8e253689 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wer**k\X ]Ɋ& 3!Xk\X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ecc1941c-80a0-4961-a55f-773d8e253689 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**k\X ]Ɋ& 5!Xk\X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ecc1941c-80a0-4961-a55f-773d8e253689 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-tFirewallPro ]Ɋ& 35k\X F&d= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP**f\X ]Ɋ& 7!Xf\X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5155640e-8218-400c-84c3-9de3c253be6d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnkH߿OUb.Mu=VysMc&&**8 k\X ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !k\X F&F%g>9{p(xlMD EventDatauoData !BinarybAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ecc1941c-80a0-4961-a55f-773d8e253689 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=0698b7cf-e5cd-47a9-8b36-d2754b26eea0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e-88 **@66l\X ]Ɋ& !66l\X F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ecc1941c-80a0-4961-a55f-773d8e253689 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=0698b7cf-e5cd-47a9-8b36-d2754b26eea0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Scri@**(Z ]Ɋ& )!X(Z F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=26d3a19d-8ec7-4030-b092-d58dc761570b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eng**(Z ]Ɋ& A!X(Z F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=26d3a19d-8ec7-4030-b092-d58dc761570b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uct **(Z ]Ɋ& =!X(Z F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=26d3a19d-8ec7-4030-b092-d58dc761570b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **(Z ]Ɋ& 5!X(Z F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=26d3a19d-8ec7-4030-b092-d58dc761570b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7a**(Z ]Ɋ& 5!X(Z F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=26d3a19d-8ec7-4030-b092-d58dc761570b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**(Z ]Ɋ& 7!X(Z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=26d3a19d-8ec7-4030-b092-d58dc761570b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**0(Z ]Ɋ& !(Z F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=26d3a19d-8ec7-4030-b092-d58dc761570b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e88100eb-9df0-438d-9235-69b8a928f64c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@/ *Z ]Ɋ& !/ *Z F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=26d3a19d-8ec7-4030-b092-d58dc761570b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e88100eb-9df0-438d-9235-69b8a928f64c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Lin@**X/ *Z ]Ɋ& !X/ *Z F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=aa1031b0-96ed-4d9f-9913-9f34fad4e804 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p/ *Z ]Ɋ& !X/ *Z F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=aa1031b0-96ed-4d9f-9913-9f34fad4e804 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h/ *Z ]Ɋ& !X/ *Z F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=aa1031b0-96ed-4d9f-9913-9f34fad4e804 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`/ *Z ]Ɋ& !X/ *Z F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=aa1031b0-96ed-4d9f-9913-9f34fad4e804 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`/ *Z ]Ɋ& !X/ *Z F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=aa1031b0-96ed-4d9f-9913-9f34fad4e804 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h/ *Z ]Ɋ& !X/ *Z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=aa1031b0-96ed-4d9f-9913-9f34fad4e804 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h\Xh**/ *Z ]Ɋ&  !/ *Z F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=aa1031b0-96ed-4d9f-9913-9f34fad4e804 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=427e90d0-7463-4166-a979-b254e5cdd6d1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&**/ *Z ]Ɋ& !/ *Z F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=aa1031b0-96ed-4d9f-9913-9f34fad4e804 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=427e90d0-7463-4166-a979-b254e5cdd6d1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ar**8ť*Z ]Ɋ& !Xť*Z F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8c03d20c-cceb-497c-84e9-a27e14823c09 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**Pť*Z ]Ɋ& !Xť*Z F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8c03d20c-cceb-497c-84e9-a27e14823c09 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Pť*Z ]Ɋ& !Xť*Z F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8c03d20c-cceb-497c-84e9-a27e14823c09 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!P**Hť*Z ]Ɋ& !Xť*Z F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8c03d20c-cceb-497c-84e9-a27e14823c09 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Hť*Z ]Ɋ& !Xť*Z F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8c03d20c-cceb-497c-84e9-a27e14823c09 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Hť*Z ]Ɋ& !Xť*Z F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8c03d20c-cceb-497c-84e9-a27e14823c09 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**ť*Z ]Ɋ& !ť*Z F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8c03d20c-cceb-497c-84e9-a27e14823c09 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2d656ba3-3672-4543-afcf-9ac20b4e24e8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**ť*Z ]Ɋ& !ť*Z F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8c03d20c-cceb-497c-84e9-a27e14823c09 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2d656ba3-3672-4543-afcf-9ac20b4e24e8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**Xť*Z ]Ɋ& !Xť*Z F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=83ef7fcc-53e0-4dc1-b680-62f8c5f68ad7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**pť*Z ]Ɋ& !Xť*Z F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=83ef7fcc-53e0-4dc1-b680-62f8c5f68ad7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ureIp**hť*Z ]Ɋ& !Xť*Z F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=83ef7fcc-53e0-4dc1-b680-62f8c5f68ad7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sth**`ť*Z ]Ɋ& !Xť*Z F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=83ef7fcc-53e0-4dc1-b680-62f8c5f68ad7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1a`**`ť*Z ]Ɋ& !Xť*Z F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=83ef7fcc-53e0-4dc1-b680-62f8c5f68ad7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr`**`ť*Z ]Ɋ& !Xť*Z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=83ef7fcc-53e0-4dc1-b680-62f8c5f68ad7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**ť*Z ]Ɋ& !ť*Z F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=83ef7fcc-53e0-4dc1-b680-62f8c5f68ad7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9fd2edc3-a8e0-428d-bccd-7f454db4c332 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N**ť*Z ]Ɋ& !ť*Z F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=83ef7fcc-53e0-4dc1-b680-62f8c5f68ad7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9fd2edc3-a8e0-428d-bccd-7f454db4c332 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= R**(\>+Z ]Ɋ& !X\>+Z F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=62e9540b-0e1a-4a1c-ba08-6d9a86cbe474 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l(**@\>+Z ]Ɋ& !X\>+Z F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=62e9540b-0e1a-4a1c-ba08-6d9a86cbe474 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p@**@\>+Z ]Ɋ& !X\>+Z F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=62e9540b-0e1a-4a1c-ba08-6d9a86cbe474 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=KLM@**8\>+Z ]Ɋ& !X\>+Z F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=62e9540b-0e1a-4a1c-ba08-6d9a86cbe474 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=enc8**8\>+Z ]Ɋ& !X\>+Z F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=62e9540b-0e1a-4a1c-ba08-6d9a86cbe474 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8\>+Z ]Ɋ& !X\>+Z F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=62e9540b-0e1a-4a1c-ba08-6d9a86cbe474 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=558**\>+Z ]Ɋ& !\>+Z F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=62e9540b-0e1a-4a1c-ba08-6d9a86cbe474 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=4c572703-5234-4b79-8b78-ce098c0633bb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=']**+Z ]Ɋ& !+Z F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=62e9540b-0e1a-4a1c-ba08-6d9a86cbe474 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=4c572703-5234-4b79-8b78-ce098c0633bb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yNam**X-Z ]Ɋ& !X-Z F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bd86b63c-f343-4721-bf94-5658841b164a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=DX**p-Z ]Ɋ& !X-Z F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bd86b63c-f343-4721-bf94-5658841b164a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**p-Z ]Ɋ& !X-Z F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bd86b63c-f343-4721-bf94-5658841b164a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n,Hp**h-Z ]Ɋ& !X-Z F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bd86b63c-f343-4721-bf94-5658841b164a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=_.ph**h-Z ]Ɋ& !X-Z F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bd86b63c-f343-4721-bf94-5658841b164a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Culh**h-Z ]Ɋ& !X-Z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bd86b63c-f343-4721-bf94-5658841b164a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Sh**-Z ]Ɋ&  !-Z F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bd86b63c-f343-4721-bf94-5658841b164a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=11f712f0-7fb6-4dad-b794-95515119bca6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pe**-Z ]Ɋ& !-Z F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bd86b63c-f343-4721-bf94-5658841b164a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=11f712f0-7fb6-4dad-b794-95515119bca6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=35k\X ]Ɋ&  CXL9.Z F&ommandPath= CommandLine=wP**f\X ]Ɋ& 7!Xf\X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5155640e-8218-400c-84c3-9de3c253be6d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnk(jUMu=VysMc&&** L9.Z ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !XL9.Z F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=09d26bd7-7c0f-4f7f-a7e7-bf0413872fbb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **L9.Z ]Ɋ& ?!XL9.Z F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=09d26bd7-7c0f-4f7f-a7e7-bf0413872fbb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**L9.Z ]Ɋ& ;!XL9.Z F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=09d26bd7-7c0f-4f7f-a7e7-bf0413872fbb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d **L9.Z ]Ɋ& 3!XL9.Z F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=09d26bd7-7c0f-4f7f-a7e7-bf0413872fbb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id=**L9.Z ]Ɋ& 3!XL9.Z F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=09d26bd7-7c0f-4f7f-a7e7-bf0413872fbb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=enc**L9.Z ]Ɋ& 5!XL9.Z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=09d26bd7-7c0f-4f7f-a7e7-bf0413872fbb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=**0L9.Z ]Ɋ& !L9.Z F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=09d26bd7-7c0f-4f7f-a7e7-bf0413872fbb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=6223e640-ac6d-4f6b-a4ce-cd466dabb2f2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==10**@.Z ]Ɋ& !.Z F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=09d26bd7-7c0f-4f7f-a7e7-bf0413872fbb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=6223e640-ac6d-4f6b-a4ce-cd466dabb2f2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on= @**Kt\ ]Ɋ& )!XKt\ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1af6c090-27b1-4d3a-97c3-2e7dc1043618 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oduc**Kt\ ]Ɋ& A!XKt\ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1af6c090-27b1-4d3a-97c3-2e7dc1043618 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nsta**Kt\ ]Ɋ& =!XKt\ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1af6c090-27b1-4d3a-97c3-2e7dc1043618 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9f**Kt\ ]Ɋ& 5!XKt\ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1af6c090-27b1-4d3a-97c3-2e7dc1043618 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**Kt\ ]Ɋ& 5!XKt\ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1af6c090-27b1-4d3a-97c3-2e7dc1043618 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**Kt\ ]Ɋ& 7!XKt\ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1af6c090-27b1-4d3a-97c3-2e7dc1043618 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0Kt\ ]Ɋ& !Kt\ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1af6c090-27b1-4d3a-97c3-2e7dc1043618 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9c4598bf-67ff-4146-811c-5c1dbbbe9e3a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==0**@xt\ ]Ɋ& !xt\ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1af6c090-27b1-4d3a-97c3-2e7dc1043618 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9c4598bf-67ff-4146-811c-5c1dbbbe9e3a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mma@**Xxt\ ]Ɋ& !Xxt\ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=aa875cd9-dc1e-4b6d-bebc-80fc04411f6e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manX**pxt\ ]Ɋ& !Xxt\ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=aa875cd9-dc1e-4b6d-bebc-80fc04411f6e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNp**hxt\ ]Ɋ& !Xxt\ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=aa875cd9-dc1e-4b6d-bebc-80fc04411f6e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dh**`xt\ ]Ɋ& !Xxt\ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=aa875cd9-dc1e-4b6d-bebc-80fc04411f6e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m`**`xt\ ]Ɋ& !Xxt\ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=aa875cd9-dc1e-4b6d-bebc-80fc04411f6e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hxt\ ]Ɋ& !Xxt\ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=aa875cd9-dc1e-4b6d-bebc-80fc04411f6e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ť*h**xt\ ]Ɋ&  !xt\ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=aa875cd9-dc1e-4b6d-bebc-80fc04411f6e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0603405b-40cc-4a03-909e-e74b3a433c94 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**xt\ ]Ɋ& !xt\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=aa875cd9-dc1e-4b6d-bebc-80fc04411f6e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0603405b-40cc-4a03-909e-e74b3a433c94 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8{t\ ]Ɋ& !X{t\ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=66c7a12a-99ef-4f79-ac6d-cdd32ad5d8ce HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P{t\ ]Ɋ& !X{t\ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=66c7a12a-99ef-4f79-ac6d-cdd32ad5d8ce HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ť*P**P{t\ ]Ɋ& !X{t\ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=66c7a12a-99ef-4f79-ac6d-cdd32ad5d8ce HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stP**H{t\ ]Ɋ& !X{t\ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=66c7a12a-99ef-4f79-ac6d-cdd32ad5d8ce HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmanH**H{t\ ]Ɋ& !X{t\ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=66c7a12a-99ef-4f79-ac6d-cdd32ad5d8ce HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndPaH**H{t\ ]Ɋ& !X{t\ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=66c7a12a-99ef-4f79-ac6d-cdd32ad5d8ce HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ameH**{t\ ]Ɋ& !{t\ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=66c7a12a-99ef-4f79-ac6d-cdd32ad5d8ce HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3d30e19a-41cd-4ed7-a0a8-d21b68dc6dc7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **{t\ ]Ɋ& !{t\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=66c7a12a-99ef-4f79-ac6d-cdd32ad5d8ce HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3d30e19a-41cd-4ed7-a0a8-d21b68dc6dc7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **X{t\ ]Ɋ& !X{t\ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7e6fac88-bdbb-4ade-970a-da26fadce3ea HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sortX**p{t\ ]Ɋ& !X{t\ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7e6fac88-bdbb-4ade-970a-da26fadce3ea HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=se.pp**h{t\ ]Ɋ& !X{t\ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7e6fac88-bdbb-4ade-970a-da26fadce3ea HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cah**`{t\ ]Ɋ& !X{t\ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7e6fac88-bdbb-4ade-970a-da26fadce3ea HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um`**` {t\ ]Ɋ& !X{t\  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7e6fac88-bdbb-4ade-970a-da26fadce3ea HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\`**` {t\ ]Ɋ& !X{t\  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7e6fac88-bdbb-4ade-970a-da26fadce3ea HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `** {t\ ]Ɋ& !{t\  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7e6fac88-bdbb-4ade-970a-da26fadce3ea HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4c49389f-03e5-4ecb-94c9-10259765267d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=R** {t\ ]Ɋ& !{t\  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7e6fac88-bdbb-4ade-970a-da26fadce3ea HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4c49389f-03e5-4ecb-94c9-10259765267d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=obj**( t\ ]Ɋ& !Xt\  F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=619553b6-c576-4871-821b-1b630adfcd14 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(**@t\ ]Ɋ& !Xt\ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=619553b6-c576-4871-821b-1b630adfcd14 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c@**@t\ ]Ɋ& !Xt\ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=619553b6-c576-4871-821b-1b630adfcd14 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=658@**8t\ ]Ɋ& !Xt\ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=619553b6-c576-4871-821b-1b630adfcd14 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ted8**8t\ ]Ɋ& !Xt\ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=619553b6-c576-4871-821b-1b630adfcd14 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tNa8**8t\ ]Ɋ& !Xt\ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=619553b6-c576-4871-821b-1b630adfcd14 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ge8**t\ ]Ɋ& !t\ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=619553b6-c576-4871-821b-1b630adfcd14 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=7bbf3956-fc47-4711-b869-912fc1ff0dad PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=al**;t\ ]Ɋ& !;t\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=619553b6-c576-4871-821b-1b630adfcd14 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=7bbf3956-fc47-4711-b869-912fc1ff0dad PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=432N**Xut\ ]Ɋ& !Xut\ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d1e9105f-399c-46bf-aae9-908cb2ac6eaa HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=EX**put\ ]Ɋ& !Xut\ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d1e9105f-399c-46bf-aae9-908cb2ac6eaa HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cp**put\ ]Ɋ& !Xut\ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d1e9105f-399c-46bf-aae9-908cb2ac6eaa HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=pnsoleHost  ]Ɋ& 3-Xut\ F&n=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnkJJs4Xr2Mu=VysMc&&**h ut\ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! K!Xut\ F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d1e9105f-399c-46bf-aae9-908cb2ac6eaa HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h **hut\ ]Ɋ& !Xut\ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d1e9105f-399c-46bf-aae9-908cb2ac6eaa HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leSh**hut\ ]Ɋ& !Xut\ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d1e9105f-399c-46bf-aae9-908cb2ac6eaa HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Ch**ut\ ]Ɋ&  !ut\ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d1e9105f-399c-46bf-aae9-908cb2ac6eaa HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=72676505-bbee-4379-bca5-b38d0dd855c0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-**t\ ]Ɋ& !t\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d1e9105f-399c-46bf-aae9-908cb2ac6eaa HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=72676505-bbee-4379-bca5-b38d0dd855c0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Inst**t\ ]Ɋ& '!Xt\ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d2bf2feb-9763-45e5-ad46-a89483a1c03a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=,**t\ ]Ɋ& ?!Xt\ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d2bf2feb-9763-45e5-ad46-a89483a1c03a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**t\ ]Ɋ& ;!Xt\ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d2bf2feb-9763-45e5-ad46-a89483a1c03a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nab** t\ ]Ɋ& 3!Xt\  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d2bf2feb-9763-45e5-ad46-a89483a1c03a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**!t\ ]Ɋ& 3!Xt\! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d2bf2feb-9763-45e5-ad46-a89483a1c03a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ble**"t\ ]Ɋ& 5!Xt\" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d2bf2feb-9763-45e5-ad46-a89483a1c03a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ab**0#t\ ]Ɋ& !t\# F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d2bf2feb-9763-45e5-ad46-a89483a1c03a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a7f382fd-ab21-4d28-a64b-3749b82ba976 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ns0**@$,t\ ]Ɋ& !,t\$ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d2bf2feb-9763-45e5-ad46-a89483a1c03a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a7f382fd-ab21-4d28-a64b-3749b82ba976 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=vide@**%^ ]Ɋ& )!X^% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6b06fbe8-00d7-4d1d-b8e3-3089feb15fbf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**&^ ]Ɋ& A!X^& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6b06fbe8-00d7-4d1d-b8e3-3089feb15fbf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Line**'^ ]Ɋ& =!X^' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6b06fbe8-00d7-4d1d-b8e3-3089feb15fbf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mm**(^ ]Ɋ& 5!X^( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6b06fbe8-00d7-4d1d-b8e3-3089feb15fbf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g **)^ ]Ɋ& 5!X^) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6b06fbe8-00d7-4d1d-b8e3-3089feb15fbf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Na***^ ]Ɋ& 7!X^* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6b06fbe8-00d7-4d1d-b8e3-3089feb15fbf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**0+3*^ ]Ɋ& !3*^+ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6b06fbe8-00d7-4d1d-b8e3-3089feb15fbf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c8459813-288e-47d1-8989-24b6cd86dd1f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c0**@,^ ]Ɋ& !^, F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6b06fbe8-00d7-4d1d-b8e3-3089feb15fbf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c8459813-288e-47d1-8989-24b6cd86dd1f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=C@**X-`[^ ]Ɋ& !X`[^- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3e602785-ca97-45f6-a8c7-7a3edc982746 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=artX**p.`[^ ]Ɋ& !X`[^. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3e602785-ca97-45f6-a8c7-7a3edc982746 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceNp**h/`[^ ]Ɋ& !X`[^/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3e602785-ca97-45f6-a8c7-7a3edc982746 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oh**`0`[^ ]Ɋ& !X`[^0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3e602785-ca97-45f6-a8c7-7a3edc982746 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o`**`1`[^ ]Ɋ& !X`[^1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3e602785-ca97-45f6-a8c7-7a3edc982746 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s`**h2`[^ ]Ɋ& !X`[^2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3e602785-ca97-45f6-a8c7-7a3edc982746 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 h**3`[^ ]Ɋ&  !`[^3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3e602785-ca97-45f6-a8c7-7a3edc982746 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d2d21081-569c-4731-a740-1c7349b800a9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ppli**4`[^ ]Ɋ& !`[^4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3e602785-ca97-45f6-a8c7-7a3edc982746 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d2d21081-569c-4731-a740-1c7349b800a9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**85`[^ ]Ɋ& !X`[^5 F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f86c3730-fbdb-413f-af05-d8d95c5566f8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a-8**P6`[^ ]Ɋ& !X`[^6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f86c3730-fbdb-413f-af05-d8d95c5566f8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=88P**P7`[^ ]Ɋ& !X`[^7 F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f86c3730-fbdb-413f-af05-d8d95c5566f8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HP**H8`[^ ]Ɋ& !X`[^8 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f86c3730-fbdb-413f-af05-d8d95c5566f8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tVerH**H9`[^ ]Ɋ& !X`[^9 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f86c3730-fbdb-413f-af05-d8d95c5566f8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leHoH**H:`[^ ]Ɋ& !X`[^: F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f86c3730-fbdb-413f-af05-d8d95c5566f8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stNH**;`[^ ]Ɋ& !`[^; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f86c3730-fbdb-413f-af05-d8d95c5566f8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ff719167-a8f6-4334-89bb-5ada2a1ee2f9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rsi**<`[^ ]Ɋ& !`[^< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f86c3730-fbdb-413f-af05-d8d95c5566f8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ff719167-a8f6-4334-89bb-5ada2a1ee2f9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**X=^ ]Ɋ& !X^= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=941af5d4-aee1-4e62-abf7-0d4163c541e6 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SX**p>^ ]Ɋ& !X^> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=941af5d4-aee1-4e62-abf7-0d4163c541e6 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h?^ ]Ɋ& !X^? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=941af5d4-aee1-4e62-abf7-0d4163c541e6 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=meh**`@^ ]Ɋ& !X^@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=941af5d4-aee1-4e62-abf7-0d4163c541e6 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| `**`A^ ]Ɋ& !X^A F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=941af5d4-aee1-4e62-abf7-0d4163c541e6 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ll`**`B^ ]Ɋ& !X^B F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=941af5d4-aee1-4e62-abf7-0d4163c541e6 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**C^ ]Ɋ& !^C F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=941af5d4-aee1-4e62-abf7-0d4163c541e6 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=522b6de4-43b7-4e45-9683-86d2d12ea6f7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**D^ ]Ɋ& !^D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=941af5d4-aee1-4e62-abf7-0d4163c541e6 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=522b6de4-43b7-4e45-9683-86d2d12ea6f7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uen**(E^ ]Ɋ& !X^E F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=02f3d35d-4974-4adf-8476-070cb42ec618 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t(**@F^ ]Ɋ& !X^F F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=02f3d35d-4974-4adf-8476-070cb42ec618 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@G^ ]Ɋ& !X^G F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=02f3d35d-4974-4adf-8476-070cb42ec618 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mma@**8H^ ]Ɋ& !X^H F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=02f3d35d-4974-4adf-8476-070cb42ec618 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=liz8**8I^ ]Ɋ& !X^I F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=02f3d35d-4974-4adf-8476-070cb42ec618 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nin8**8J^ ]Ɋ& !X^J F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=02f3d35d-4974-4adf-8476-070cb42ec618 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8F& ElfChnkKKHH9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=02f3d35d-4974-4adf-8476-070cb42ec618 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=0b28bb03-70a3-4686-8a4a-7902a6900efe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sio **L^ ]Ɋ& !^L F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=02f3d35d-4974-4adf-8476-070cb42ec618 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=0b28bb03-70a3-4686-8a4a-7902a6900efe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izat**XMQV^ ]Ɋ& !XQV^M F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ccb2ed52-57d4-4c95-8387-f3c2b455ec63 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=GX**pNQV^ ]Ɋ& !XQV^N F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ccb2ed52-57d4-4c95-8387-f3c2b455ec63 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bp**pOQV^ ]Ɋ& !XQV^O F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ccb2ed52-57d4-4c95-8387-f3c2b455ec63 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=opep**hPQV^ ]Ɋ& !XQV^P F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ccb2ed52-57d4-4c95-8387-f3c2b455ec63 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ltuh**hQQV^ ]Ɋ& !XQV^Q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ccb2ed52-57d4-4c95-8387-f3c2b455ec63 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5 |h**hRQV^ ]Ɋ& !XQV^R F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ccb2ed52-57d4-4c95-8387-f3c2b455ec63 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Idh**SQV^ ]Ɋ&  !QV^S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ccb2ed52-57d4-4c95-8387-f3c2b455ec63 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d02cd623-003c-4392-b898-a31f6485a549 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**T^ ]Ɋ& !^T F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ccb2ed52-57d4-4c95-8387-f3c2b455ec63 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d02cd623-003c-4392-b898-a31f6485a549 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**U^ ]Ɋ& '!X^U F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bc074f61-a1bc-43fb-9ee3-4434fc2c186a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g**V^ ]Ɋ& ?!X^V F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bc074f61-a1bc-43fb-9ee3-4434fc2c186a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**W^ ]Ɋ& ;!X^W F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bc074f61-a1bc-43fb-9ee3-4434fc2c186a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X^ ]Ɋ& 3!X^X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bc074f61-a1bc-43fb-9ee3-4434fc2c186a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=p**Y^ ]Ɋ& 3!X^Y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bc074f61-a1bc-43fb-9ee3-4434fc2c186a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Z^ ]Ɋ& 5!X^Z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bc074f61-a1bc-43fb-9ee3-4434fc2c186a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l **0[^ ]Ɋ& !^[ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bc074f61-a1bc-43fb-9ee3-4434fc2c186a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=1535c52c-8398-4d2c-bcfc-991ef5204335 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=la0**@\~^ ]Ɋ& !~^\ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bc074f61-a1bc-43fb-9ee3-4434fc2c186a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=1535c52c-8398-4d2c-bcfc-991ef5204335 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng -@**])D~` ]Ɋ& !X)D~`] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=Default Host HostVersion=4.0 HostId=cd2d4d70-a585-49a3-b6d1-9ce561306c0e HostApplication=C:\Windows\system32\ServerManager.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ostA**^)D~` ]Ɋ& !X)D~`^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=Default Host HostVersion=4.0 HostId=cd2d4d70-a585-49a3-b6d1-9ce561306c0e HostApplication=C:\Windows\system32\ServerManager.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nceN**_)D~` ]Ɋ& !X)D~`_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=Default Host HostVersion=4.0 HostId=cd2d4d70-a585-49a3-b6d1-9ce561306c0e HostApplication=C:\Windows\system32\ServerManager.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**`)D~` ]Ɋ& !X)D~`` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=Default Host HostVersion=4.0 HostId=cd2d4d70-a585-49a3-b6d1-9ce561306c0e HostApplication=C:\Windows\system32\ServerManager.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **a)D~` ]Ɋ& !X)D~`a F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=Default Host HostVersion=4.0 HostId=cd2d4d70-a585-49a3-b6d1-9ce561306c0e HostApplication=C:\Windows\system32\ServerManager.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g **b)D~` ]Ɋ& !X)D~`b F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=Default Host HostVersion=4.0 HostId=cd2d4d70-a585-49a3-b6d1-9ce561306c0e HostApplication=C:\Windows\system32\ServerManager.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **cCD~` ]Ɋ& !XCD~`c F&CertificateStarted ProviderName=Certificate NewProviderState=Started SequenceNumber=13 HostName=Default Host HostVersion=4.0 HostId=cd2d4d70-a585-49a3-b6d1-9ce561306c0e HostApplication=C:\Windows\system32\ServerManager.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sio**dCD~` ]Ɋ& !XCD~`d F&WSManStarted ProviderName=WSMan NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=4.0 HostId=cd2d4d70-a585-49a3-b6d1-9ce561306c0e HostApplication=C:\Windows\system32\ServerManager.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=one**eCD~` ]Ɋ& 7!CD~`e F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=17 HostName=Default Host HostVersion=4.0 HostId=cd2d4d70-a585-49a3-b6d1-9ce561306c0e HostApplication=C:\Windows\system32\ServerManager.exe EngineVersion=4.0 RunspaceId=9499e9e3-4ae5-415c-8894-93b467aded3b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**fCD~` ]Ɋ& !XCD~`f F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ServerRemoteHost HostVersion=1.0.0.0 HostId=17dbbc85-0425-4eab-b314-80b4a631d79f HostApplication=C:\Windows\system32\wsmprovhost.exe -Embedding EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nsp**gCD~` ]Ɋ& !XCD~`g F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ServerRemoteHost HostVersion=1.0.0.0 HostId=17dbbc85-0425-4eab-b314-80b4a631d79f HostApplication=C:\Windows\system32\wsmprovhost.exe -Embedding EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= An**hCD~` ]Ɋ& !XCD~`h F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ServerRemoteHost HostVersion=1.0.0.0 HostId=17dbbc85-0425-4eab-b314-80b4a631d79f HostApplication=C:\Windows\system32\wsmprovhost.exe -Embedding EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**iCD~` ]Ɋ& !XCD~`i F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ServerRemoteHost HostVersion=1.0.0.0 HostId=17dbbc85-0425-4eab-b314-80b4a631d79f HostApplication=C:\Windows\system32\wsmprovhost.exe -Embedding EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**jCD~` ]Ɋ& !XCD~`j F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ServerRemoteHost HostVersion=1.0.0.0 HostId=17dbbc85-0425-4eab-b314-80b4a631d79f HostApplication=C:\Windows\system32\wsmprovhost.exe -Embedding EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v**kCD~` ]Ɋ&  !XCD~`k F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ServerRemoteHost HostVersion=1.0.0.0 HostId=17dbbc85-0425-4eab-b314-80b4a631d79f HostApplication=C:\Windows\system32\wsmprovhost.exe -Embedding EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**lCD~` ]Ɋ& !XCD~`l F&CertificateStarted ProviderName=Certificate NewProviderState=Started SequenceNumber=13 HostName=ServerRemoteHost HostVersion=1.0.0.0 HostId=17dbbc85-0425-4eab-b314-80b4a631d79f HostApplication=C:\Windows\system32\wsmprovhost.exe -Embedding EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **mCD~` ]Ɋ& !XCD~`m F&WSManStarted ProviderName=WSMan NewProviderState=Started SequenceNumber=15 HostName=ServerRemoteHost HostVersion=1.0.0.0 HostId=17dbbc85-0425-4eab-b314-80b4a631d79f HostApplication=C:\Windows\system32\wsmprovhost.exe -Embedding EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pa**nCD~` ]Ɋ& Y!CD~`n F&6AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=17 HostName=ServerRemoteHost HostVersion=1.0.0.0 HostId=17dbbc85-0425-4eab-b314-80b4a631d79f HostApplication=C:\Windows\system32\wsmprovhost.exe -Embedding EngineVersion=4.0 RunspaceId=d7b34bac-ad04-48aa-a098-99ca940aaf4a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=widt**o$G~` ]Ɋ& !X$G~`o F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=4.0 HostId=2086e838-6af3-4a70-9afe-69d23dc1094e HostApplication=C:\Windows\system32\wsmprovhost.exe -Embedding EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=os**p$G~` ]Ɋ& !X$G~`p F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=4.0 HostId=2086e838-6af3-4a70-9afe-69d23dc1094e HostApplication=C:\Windows\system32\wsmprovhost.exe -Embedding EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ue**q$G~` ]Ɋ& !X$G~`q F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=4.0 HostId=2086e838-6af3-4a70-9afe-69d23dc1094e HostApplication=C:\Windows\system32\wsmprovhost.exe -Embedding EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**r$G~` ]Ɋ& !X$G~`r F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=4.0 HostId=2086e838-6af3-4a70-9afe-69d23dc1094e HostApplication=C:\Windows\system32\wsmprovhost.exe -Embedding EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Comm**s$G~` ]Ɋ& !X$G~`s F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=4.0 HostId=2086e838-6af3-4a70-9afe-69d23dc1094e HostApplication=C:\Windows\system32\wsmprovhost.exe -Embedding EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Vers**t$G~` ]Ɋ& !X$G~`t F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=4.0 HostId=2086e838-6af3-4a70-9afe-69d23dc1094e HostApplication=C:\Windows\system32\wsmprovhost.exe -Embedding EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=roso**u$G~` ]Ɋ& !X$G~`u F&CertificateStarted ProviderName=Certificate NewProviderState=Started SequenceNumber=31 HostName=Default Host HostVersion=4.0 HostId=2086e838-6af3-4a70-9afe-69d23dc1094e HostApplication=C:\Windows\system32\wsmprovhost.exe -Embedding EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=63**v$G~` ]Ɋ& !X$G~`v F&WSManStarted ProviderName=WSMan NewProviderState=Started SequenceNumber=33 HostName=Default Host HostVersion=4.0 HostId=2086e838-6af3-4a70-9afe-69d23dc1094e HostApplication=C:\Windows\system32\wsmprovhost.exe -Embedding EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **w$G~` ]Ɋ& I!$G~`w F&&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=35 HostName=Default Host HostVersion=4.0 HostId=2086e838-6af3-4a70-9afe-69d23dc1094e HostApplication=C:\Windows\system32\wsmprovhost.exe -Embedding EngineVersion=4.0 RunspaceId=aaad5642-ce6c-4498-8ff4-00ae30a58e16 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ne**x$G~` ]Ɋ& !X$G~`x F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=37 HostName=Default Host HostVersion=4.0 HostId=cce185ee-98c1-4c16-bc4f-5e1cd34b1bd5 HostApplication=C:\Windows\system32\wsmprovhost.exe -Embedding EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dP**y$G~` ]Ɋ& !X$G~`y F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=39 HostName=Default Host HostVersion=4.0 HostId=cce185ee-98c1-4c16-bc4f-5e1cd34b1bd5 HostApplication=C:\Windows\system32\wsmprovhost.exe -Embedding EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=En**z$G~` ]Ɋ& !X$G~`z F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=41 HostName=Default Host HostVersion=4.0 HostId=cce185ee-98c1-4c16-bc4f-5e1cd34b1bd5 HostApplication=C:\Windows\system32\wsmprovhost.exe -Embedding EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e en**{$G~` ]Ɋ& !X$G~`{ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=43 HostName=Default Host HostVersion=4.0 HostId=cce185ee-98c1-4c16-bc4f-5e1cd34b1bd5 HostApplication=C:\Windows\system32\wsmprovhost.exe -Embedding EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d P**|$G~` ]Ɋ& !X$G~`| F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=45 HostName=Default Host HostVersion=4.0 HostId=cce185ee-98c1-4c16-bc4f-5e1cd34b1bd5 HostApplication=C:\Windows\system32\wsmprovhost.exe -Embedding EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=peli**}$G~` ]Ɋ& !X$G~`} F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=47 HostName=Default Host HostVersion=4.0 HostId=cce185ee-98c1-4c16-bc4f-5e1cd34b1bd5 HostApplication=C:\Windows\system32\wsmprovhost.exe -Embedding EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=:Par**~$G~` ]Ɋ& !X$G~`~ F&CertificateStarted ProviderName=Certificate NewProviderState=Started SequenceNumber=49 HostName=Default Host HostVersion=4.0 HostId=cce185ee-98c1-4c16-bc4f-5e1cd34b1bd5 HostApplication=C:\Windows\system32\wsmprovhost.exe -Embedding EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=**$G~` ]Ɋ& !X$G~` F&WSManStarted ProviderName=WSMan NewProviderState=Started SequenceNumber=51 HostName=Default Host HostVersion=4.0 HostId=cce185ee-98c1-4c16-bc4f-5e1cd34b1bd5 HostApplication=C:\Windows\system32\wsmprovhost.exe -Embedding EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=at**$G~` ]Ɋ& I!$G~` F&&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=53 HostName=Default Host HostVersion=4.0 HostId=cce185ee-98c1-4c16-bc4f-5e1cd34b1bd5 HostApplication=C:\Windows\system32\wsmprovhost.exe -Embedding EngineVersion=4.0 RunspaceId=fc73c362-5fc1-4269-b27b-d44abf8561ec PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=en-U**)~` ]Ɋ& U!)~` F&2StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=55 HostName=Default Host HostVersion=4.0 HostId=2086e838-6af3-4a70-9afe-69d23dc1094e HostApplication=C:\Windows\system32\wsmprovhost.exe -Embedding EngineVersion=4.0 RunspaceId=aaad5642-ce6c-4498-8ff4-00ae30a58e16 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-tFix | selec ]Ɋ& ba)~` F&value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8F& ElfChnkpXkӺvhMu=VysMc&&**)~` ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !)~` F&F%g>9{p(xlMD EventDatauoData !Binary2StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=57 HostName=Default Host HostVersion=4.0 HostId=cce185ee-98c1-4c16-bc4f-5e1cd34b1bd5 HostApplication=C:\Windows\system32\wsmprovhost.exe -Embedding EngineVersion=4.0 RunspaceId=fc73c362-5fc1-4269-b27b-d44abf8561ec PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sta**;a ]Ɋ& )!X;a F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e9a02f65-10c2-4802-aab5-3c4d671dc0a1 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lica**;a ]Ɋ& A!X;a F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e9a02f65-10c2-4802-aab5-3c4d671dc0a1 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**;a ]Ɋ& =!X;a F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e9a02f65-10c2-4802-aab5-3c4d671dc0a1 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=$(**;a ]Ɋ& 5!X;a F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e9a02f65-10c2-4802-aab5-3c4d671dc0a1 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7-**;a ]Ɋ& 5!X;a F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e9a02f65-10c2-4802-aab5-3c4d671dc0a1 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C**;a ]Ɋ& 7!X;a F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e9a02f65-10c2-4802-aab5-3c4d671dc0a1 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s**0;a ]Ɋ& !;a F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e9a02f65-10c2-4802-aab5-3c4d671dc0a1 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5fab75e0-116e-40ce-b092-31466046cb46 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i0**@B;a ]Ɋ& !B;a F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e9a02f65-10c2-4802-aab5-3c4d671dc0a1 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5fab75e0-116e-40ce-b092-31466046cb46 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=655@**XB;a ]Ɋ& !XB;a F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=388c949a-7fe2-4fff-85ff-858aaa24cdea HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=WinX**pB;a ]Ɋ& !XB;a F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=388c949a-7fe2-4fff-85ff-858aaa24cdea HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=encp**hB;a ]Ɋ& !XB;a F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=388c949a-7fe2-4fff-85ff-858aaa24cdea HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==h**`B;a ]Ɋ& !XB;a F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=388c949a-7fe2-4fff-85ff-858aaa24cdea HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`B;a ]Ɋ& !XB;a F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=388c949a-7fe2-4fff-85ff-858aaa24cdea HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u`**hB;a ]Ɋ& !XB;a F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=388c949a-7fe2-4fff-85ff-858aaa24cdea HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d623h**B;a ]Ɋ&  !B;a F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=388c949a-7fe2-4fff-85ff-858aaa24cdea HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=18cc5699-16ba-4e26-96ba-eba9b8ebe805 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ledo**o;a ]Ɋ& !o;a F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=388c949a-7fe2-4fff-85ff-858aaa24cdea HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=18cc5699-16ba-4e26-96ba-eba9b8ebe805 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=om**8o;a ]Ɋ& !Xo;a F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e62c3d27-d114-4324-93f5-2761137de8c9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Na8**Po;a ]Ɋ& !Xo;a F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e62c3d27-d114-4324-93f5-2761137de8c9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=CoP**Po;a ]Ɋ& !Xo;a F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e62c3d27-d114-4324-93f5-2761137de8c9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=es['P**Ho;a ]Ɋ& !Xo;a F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e62c3d27-d114-4324-93f5-2761137de8c9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2c18H**Ho;a ]Ɋ& !Xo;a F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e62c3d27-d114-4324-93f5-2761137de8c9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=XH**Ho;a ]Ɋ& !Xo;a F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e62c3d27-d114-4324-93f5-2761137de8c9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=On H**o;a ]Ɋ& !o;a F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e62c3d27-d114-4324-93f5-2761137de8c9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1e9f8963-00d3-49d1-a9d0-d84d2340f6ad PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=:Pa**o;a ]Ɋ& !o;a F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e62c3d27-d114-4324-93f5-2761137de8c9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1e9f8963-00d3-49d1-a9d0-d84d2340f6ad PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f**Xo;a ]Ɋ& !Xo;a F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5f074028-48a6-4af1-8ba6-26fd456f95ee HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]X**po;a ]Ɋ& !Xo;a F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5f074028-48a6-4af1-8ba6-26fd456f95ee HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovip**ho;a ]Ɋ& !Xo;a F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5f074028-48a6-4af1-8ba6-26fd456f95ee HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Veh**`o;a ]Ɋ& !Xo;a F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5f074028-48a6-4af1-8ba6-26fd456f95ee HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=na`**`o;a ]Ɋ& !Xo;a F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5f074028-48a6-4af1-8ba6-26fd456f95ee HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma`**`o;a ]Ɋ& !Xo;a F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5f074028-48a6-4af1-8ba6-26fd456f95ee HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**o;a ]Ɋ& !o;a F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5f074028-48a6-4af1-8ba6-26fd456f95ee HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e8d509bf-2a33-41fa-9b89-1f5d865134dd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s**o;a ]Ɋ& !o;a F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5f074028-48a6-4af1-8ba6-26fd456f95ee HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e8d509bf-2a33-41fa-9b89-1f5d865134dd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d=9**(o;a ]Ɋ& !Xo;a F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bbe7bc25-3a32-4257-85c6-59b78232bd8b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@o;a ]Ɋ& !Xo;a F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bbe7bc25-3a32-4257-85c6-59b78232bd8b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b@**@o;a ]Ɋ& !Xo;a F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bbe7bc25-3a32-4257-85c6-59b78232bd8b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=th=@**8o;a ]Ɋ& !Xo;a F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bbe7bc25-3a32-4257-85c6-59b78232bd8b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=enc8**8o;a ]Ɋ& !Xo;a F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bbe7bc25-3a32-4257-85c6-59b78232bd8b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ers8**8o;a ]Ɋ& !Xo;a F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bbe7bc25-3a32-4257-85c6-59b78232bd8b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=F8**o;a ]Ɋ& !o;a F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bbe7bc25-3a32-4257-85c6-59b78232bd8b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=584131d9-e065-410b-9091-91dddf055963 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**;a ]Ɋ& !;a F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bbe7bc25-3a32-4257-85c6-59b78232bd8b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=584131d9-e065-410b-9091-91dddf055963 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!**Xj;a ]Ɋ& !Xj;a F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=59208c60-2c52-46a0-80f3-b2a494fcf4a9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pj;a ]Ɋ& !Xj;a F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=59208c60-2c52-46a0-80f3-b2a494fcf4a9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ip**pj;a ]Ɋ& !Xj;a F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=59208c60-2c52-46a0-80f3-b2a494fcf4a9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mbep**hj;a ]Ɋ& !Xj;a F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=59208c60-2c52-46a0-80f3-b2a494fcf4a9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hj;a ]Ɋ& !Xj;a F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=59208c60-2c52-46a0-80f3-b2a494fcf4a9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=linh**hj;a ]Ɋ& !Xj;a F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=59208c60-2c52-46a0-80f3-b2a494fcf4a9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f-h**j;a ]Ɋ&  !j;a F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=59208c60-2c52-46a0-80f3-b2a494fcf4a9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8b67bdbd-633a-4dfa-8176-2c4b0e6e4b50 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **_;a ]Ɋ& !_;a F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=59208c60-2c52-46a0-80f3-b2a494fcf4a9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8b67bdbd-633a-4dfa-8176-2c4b0e6e4b50 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Pro**_;a ]Ɋ& '!X_;a F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=eac3cadd-4330-4f1f-8d71-10c3d082250d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-**_;a ]Ɋ& ?!X_;a F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=eac3cadd-4330-4f1f-8d71-10c3d082250d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=:etCultureInf ]Ɋ& ctX_;a F&ion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8F& ElfChnk@8 !+&Mu=VysMc&&** _;a ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X_;a F&F%g>9{p(xlMD EventDatauoData !BinaryFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=eac3cadd-4330-4f1f-8d71-10c3d082250d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **_;a ]Ɋ& 3!X_;a F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=eac3cadd-4330-4f1f-8d71-10c3d082250d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**_;a ]Ɋ& 3!X_;a F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=eac3cadd-4330-4f1f-8d71-10c3d082250d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5-1**_;a ]Ɋ& 5!X_;a F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=eac3cadd-4330-4f1f-8d71-10c3d082250d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0_;a ]Ɋ& !_;a F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=eac3cadd-4330-4f1f-8d71-10c3d082250d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=59ea2c47-654c-4847-b5ef-a3cdca26fc91 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=el0**@;a ]Ɋ& !;a F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=eac3cadd-4330-4f1f-8d71-10c3d082250d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=59ea2c47-654c-4847-b5ef-a3cdca26fc91 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@** ic ]Ɋ& )!X ic F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=71e2a5e5-3710-470b-b8b1-d32523d79c73 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNa** ic ]Ɋ& A!X ic F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=71e2a5e5-3710-470b-b8b1-d32523d79c73 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ru** ic ]Ɋ& =!X ic F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=71e2a5e5-3710-470b-b8b1-d32523d79c73 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ay** ic ]Ɋ& 5!X ic F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=71e2a5e5-3710-470b-b8b1-d32523d79c73 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pa** ic ]Ɋ& 5!X ic F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=71e2a5e5-3710-470b-b8b1-d32523d79c73 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=85** ic ]Ɋ& 7!X ic F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=71e2a5e5-3710-470b-b8b1-d32523d79c73 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**0 ic ]Ɋ& ! ic F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=71e2a5e5-3710-470b-b8b1-d32523d79c73 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5698440a-8097-42f5-bee8-3267f995227f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@8c ]Ɋ& !8c F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=71e2a5e5-3710-470b-b8b1-d32523d79c73 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5698440a-8097-42f5-bee8-3267f995227f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ila@**X8c ]Ɋ& !X8c F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a7617f35-c44e-4345-b093-5a437e958907 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p8c ]Ɋ& !X8c F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a7617f35-c44e-4345-b093-5a437e958907 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Fp**h8c ]Ɋ& !X8c F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a7617f35-c44e-4345-b093-5a437e958907 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ih**`8c ]Ɋ& !X8c F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a7617f35-c44e-4345-b093-5a437e958907 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S`**`8c ]Ɋ& !X8c F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a7617f35-c44e-4345-b093-5a437e958907 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v`**h8c ]Ɋ& !X8c F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a7617f35-c44e-4345-b093-5a437e958907 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iablh**8c ]Ɋ&  !8c F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a7617f35-c44e-4345-b093-5a437e958907 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5c634c44-40ac-4658-99d2-46651cf2f9d6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **2c ]Ɋ& !2c F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a7617f35-c44e-4345-b093-5a437e958907 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5c634c44-40ac-4658-99d2-46651cf2f9d6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=so**82c ]Ɋ& !X2c F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b8ceed2a-ed12-40d2-8061-37de776f240b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**P2c ]Ɋ& !X2c F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b8ceed2a-ed12-40d2-8061-37de776f240b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=deP**P2c ]Ɋ& !X2c F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b8ceed2a-ed12-40d2-8061-37de776f240b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ysteP**H2c ]Ɋ& !X2c F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b8ceed2a-ed12-40d2-8061-37de776f240b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iderH**H2c ]Ɋ& !X2c F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b8ceed2a-ed12-40d2-8061-37de776f240b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tartH**H2c ]Ɋ& !X2c F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b8ceed2a-ed12-40d2-8061-37de776f240b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=VaH**2c ]Ɋ& !2c F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b8ceed2a-ed12-40d2-8061-37de776f240b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=68cbff30-f9d3-4322-92c9-8b77037a1c2c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ate**2c ]Ɋ& !2c F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b8ceed2a-ed12-40d2-8061-37de776f240b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=68cbff30-f9d3-4322-92c9-8b77037a1c2c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=w**X2c ]Ɋ& !X2c F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4e4784e5-cc94-4f15-98d5-be4a435289b1 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=XX**p2c ]Ɋ& !X2c F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4e4784e5-cc94-4f15-98d5-be4a435289b1 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=andPp**h2c ]Ɋ& !X2c F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4e4784e5-cc94-4f15-98d5-be4a435289b1 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t h**`2c ]Ɋ& !X2c F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4e4784e5-cc94-4f15-98d5-be4a435289b1 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ue`**`2c ]Ɋ& !X2c F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4e4784e5-cc94-4f15-98d5-be4a435289b1 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e `**`2c ]Ɋ& !X2c F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4e4784e5-cc94-4f15-98d5-be4a435289b1 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o`**ec ]Ɋ& !ec F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4e4784e5-cc94-4f15-98d5-be4a435289b1 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=baf109a0-23e4-473f-83c1-b68bd5628aa5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **ec ]Ɋ& !ec F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4e4784e5-cc94-4f15-98d5-be4a435289b1 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=baf109a0-23e4-473f-83c1-b68bd5628aa5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(ec ]Ɋ& !Xec F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5bd8b455-cbbb-4c8a-baeb-7ac5c475b397 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@ec ]Ɋ& !Xec F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5bd8b455-cbbb-4c8a-baeb-7ac5c475b397 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=L@**@ec ]Ɋ& !Xec F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5bd8b455-cbbb-4c8a-baeb-7ac5c475b397 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dSi@**8ec ]Ɋ& !Xec F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5bd8b455-cbbb-4c8a-baeb-7ac5c475b397 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l='8**8ec ]Ɋ& !Xec F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5bd8b455-cbbb-4c8a-baeb-7ac5c475b397 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndo8**8ec ]Ɋ& !Xec F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5bd8b455-cbbb-4c8a-baeb-7ac5c475b397 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=so8**ec ]Ɋ& !ec F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5bd8b455-cbbb-4c8a-baeb-7ac5c475b397 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b5c0b3fa-7e06-4a73-8ceb-fb69ecf49cb0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**cc ]Ɋ& !cc F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5bd8b455-cbbb-4c8a-baeb-7ac5c475b397 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b5c0b3fa-7e06-4a73-8ceb-fb69ecf49cb0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand**X- c ]Ɋ& !X- c F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=598b7128-a908-4ed9-9c08-ec3da5f24856 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p- c ]Ɋ& !X- c F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=598b7128-a908-4ed9-9c08-ec3da5f24856 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=np**p- c ]Ɋ& !X- c F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=598b7128-a908-4ed9-9c08-ec3da5f24856 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e6ep**h- c ]Ɋ& !X- c F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=598b7128-a908-4ed9-9c08-ec3da5f24856 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndPh**h- c ]Ɋ& !X- c F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=598b7128-a908-4ed9-9c08-ec3da5f24856 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h  ]Ɋ& nsX- c F&ndName= CommandType= ScriptName= CommandPath= CommandLine=8F& ElfChnkHλJ;tMu=VysMc&&**p - c ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! M!X- c F&F%g>9{p(xlMD EventDatauoData !BinaryVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=598b7128-a908-4ed9-9c08-ec3da5f24856 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Xp **- c ]Ɋ&  !- c F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=598b7128-a908-4ed9-9c08-ec3da5f24856 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=944a0559-a300-4ace-b9db-cff4a3c41f1a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nc**U c ]Ɋ& !U c F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=598b7128-a908-4ed9-9c08-ec3da5f24856 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=944a0559-a300-4ace-b9db-cff4a3c41f1a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=atio**U c ]Ɋ& '!XU c F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=11f6589f-437e-47cd-ac29-4ee0a72b500f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=A**U c ]Ɋ& ?!XU c F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=11f6589f-437e-47cd-ac29-4ee0a72b500f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**U c ]Ɋ& ;!XU c F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=11f6589f-437e-47cd-ac29-4ee0a72b500f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ost**U c ]Ɋ& 3!XU c F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=11f6589f-437e-47cd-ac29-4ee0a72b500f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam**U c ]Ɋ& 3!XU c F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=11f6589f-437e-47cd-ac29-4ee0a72b500f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t **U c ]Ɋ& 5!XU c F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=11f6589f-437e-47cd-ac29-4ee0a72b500f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma**0U c ]Ɋ& !U c F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=11f6589f-437e-47cd-ac29-4ee0a72b500f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=7d7a2b07-4706-416c-9bd4-565c7f33306d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=250**@^ c ]Ɋ& !^ c F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=11f6589f-437e-47cd-ac29-4ee0a72b500f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=7d7a2b07-4706-416c-9bd4-565c7f33306d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand@**MDee ]Ɋ& )!XMDee F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=42d3e211-aa0f-4fa8-a93a-79c1b003e8c0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co**MDee ]Ɋ& A!XMDee F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=42d3e211-aa0f-4fa8-a93a-79c1b003e8c0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=trin**MDee ]Ɋ& =!XMDee F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=42d3e211-aa0f-4fa8-a93a-79c1b003e8c0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=la**MDee ]Ɋ& 5!XMDee F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=42d3e211-aa0f-4fa8-a93a-79c1b003e8c0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**MDee ]Ɋ& 5!XMDee F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=42d3e211-aa0f-4fa8-a93a-79c1b003e8c0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**MDee ]Ɋ& 7!XMDee F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=42d3e211-aa0f-4fa8-a93a-79c1b003e8c0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**0MDee ]Ɋ& !MDee F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=42d3e211-aa0f-4fa8-a93a-79c1b003e8c0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d5e3405c-2ef1-4a62-bd84-1c2a2c67c596 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b0**@zufe ]Ɋ& !zufe F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=42d3e211-aa0f-4fa8-a93a-79c1b003e8c0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d5e3405c-2ef1-4a62-bd84-1c2a2c67c596 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c@**Xzufe ]Ɋ& !Xzufe F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d1b074db-cde4-450b-ab9b-3aeb9c7d8bba HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pzufe ]Ɋ& !Xzufe F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d1b074db-cde4-450b-ab9b-3aeb9c7d8bba HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hzufe ]Ɋ& !Xzufe F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d1b074db-cde4-450b-ab9b-3aeb9c7d8bba HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`zufe ]Ɋ& !Xzufe F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d1b074db-cde4-450b-ab9b-3aeb9c7d8bba HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`zufe ]Ɋ& !Xzufe F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d1b074db-cde4-450b-ab9b-3aeb9c7d8bba HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hzufe ]Ɋ& !Xzufe F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d1b074db-cde4-450b-ab9b-3aeb9c7d8bba HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Vah**zufe ]Ɋ&  !zufe F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d1b074db-cde4-450b-ab9b-3aeb9c7d8bba HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=40e97e0b-d598-457e-a9ea-0fb1de238522 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ineS**zufe ]Ɋ& !zufe F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d1b074db-cde4-450b-ab9b-3aeb9c7d8bba HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=40e97e0b-d598-457e-a9ea-0fb1de238522 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **8zufe ]Ɋ& !Xzufe F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=542980c2-88cd-4eae-b0ad-8354e6f3ecfb HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=am8**Pzufe ]Ɋ& !Xzufe F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=542980c2-88cd-4eae-b0ad-8354e6f3ecfb HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= PP**Pzufe ]Ɋ& !Xzufe F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=542980c2-88cd-4eae-b0ad-8354e6f3ecfb HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leSyP**Hzufe ]Ɋ& !Xzufe F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=542980c2-88cd-4eae-b0ad-8354e6f3ecfb HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH**Hzufe ]Ɋ& !Xzufe F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=542980c2-88cd-4eae-b0ad-8354e6f3ecfb HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cH**Hzufe ]Ɋ& !Xzufe F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=542980c2-88cd-4eae-b0ad-8354e6f3ecfb HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!H** ge ]Ɋ& !ge  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=542980c2-88cd-4eae-b0ad-8354e6f3ecfb HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=abe7fca8-58a1-4b94-8d6e-a89153a62138 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** ge ]Ɋ& !ge  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=542980c2-88cd-4eae-b0ad-8354e6f3ecfb HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=abe7fca8-58a1-4b94-8d6e-a89153a62138 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X ge ]Ɋ& !Xge  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9f5c6cb1-948f-446d-a567-8b4ed9ed7074 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p ge ]Ɋ& !Xge  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9f5c6cb1-948f-446d-a567-8b4ed9ed7074 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Cp**h ge ]Ɋ& !Xge  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9f5c6cb1-948f-446d-a567-8b4ed9ed7074 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rth**`ge ]Ɋ& !Xge F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9f5c6cb1-948f-446d-a567-8b4ed9ed7074 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ps`**`ge ]Ɋ& !Xge F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9f5c6cb1-948f-446d-a567-8b4ed9ed7074 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=os`**`ge ]Ɋ& !Xge F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9f5c6cb1-948f-446d-a567-8b4ed9ed7074 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=q`**ge ]Ɋ& !ge F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9f5c6cb1-948f-446d-a567-8b4ed9ed7074 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5dedab31-92c4-43e9-9143-405d0e142b79 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b**ge ]Ɋ& !ge F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9f5c6cb1-948f-446d-a567-8b4ed9ed7074 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5dedab31-92c4-43e9-9143-405d0e142b79 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(ge ]Ɋ& !Xge F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7cf1768c-2e2b-4358-91ab-6a4949fc4561 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@ge ]Ɋ& !Xge F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7cf1768c-2e2b-4358-91ab-6a4949fc4561 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S@**@ge ]Ɋ& !Xge F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7cf1768c-2e2b-4358-91ab-6a4949fc4561 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=etC@**8ge ]Ɋ& !Xge F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7cf1768c-2e2b-4358-91ab-6a4949fc4561 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yNa8**8ge ]Ɋ& !Xge F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7cf1768c-2e2b-4358-91ab-6a4949fc4561 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n-U8**8ge ]Ɋ& !Xge F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7cf1768c-2e2b-4358-91ab-6a4949fc4561 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**ge ]Ɋ& !ge F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7cf1768c-2e2b-4358-91ab-6a4949fc4561 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=f367d882-313d-4096-8396-dd180ddb538f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**>?he ]Ɋ& !>?he F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7cf1768c-2e2b-4358-91ab-6a4949fc4561 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=f367d882-313d-4096-8396-dd180ddb538f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== riptName=  ]Ɋ& Xkpie F&nsX- c F&ndName= CommandType= ScriptName= CommandPath= CommandLine=8F& ElfChnkLLHMu=VysMc&&**` kpie ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! ?!Xkpie F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b8ef539d-1430-4525-94b7-c2a71c280f12 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ne` **pkpie ]Ɋ& !Xkpie F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b8ef539d-1430-4525-94b7-c2a71c280f12 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rp**pkpie ]Ɋ& !Xkpie F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b8ef539d-1430-4525-94b7-c2a71c280f12 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pelp**hkpie ]Ɋ& !Xkpie F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b8ef539d-1430-4525-94b7-c2a71c280f12 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmah**hkpie ]Ɋ& !Xkpie F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b8ef539d-1430-4525-94b7-c2a71c280f12 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h kpie ]Ɋ& !Xkpie  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b8ef539d-1430-4525-94b7-c2a71c280f12 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**! je ]Ɋ&  ! je! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b8ef539d-1430-4525-94b7-c2a71c280f12 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ab2e3eac-2862-4662-a5c1-c6f880c25e66 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**" je ]Ɋ& ! je" F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b8ef539d-1430-4525-94b7-c2a71c280f12 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ab2e3eac-2862-4662-a5c1-c6f880c25e66 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Comp**#je ]Ɋ& '!Xje# F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c93ea2c7-e4b3-4670-8bee-f10a945cc16d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**$je ]Ɋ& ?!Xje$ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c93ea2c7-e4b3-4670-8bee-f10a945cc16d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**%je ]Ɋ& ;!Xje% F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c93ea2c7-e4b3-4670-8bee-f10a945cc16d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8-a**&je ]Ɋ& 3!Xje& F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c93ea2c7-e4b3-4670-8bee-f10a945cc16d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**'je ]Ɋ& 3!Xje' F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c93ea2c7-e4b3-4670-8bee-f10a945cc16d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a93**(je ]Ɋ& 5!Xje( F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c93ea2c7-e4b3-4670-8bee-f10a945cc16d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&**0)je ]Ɋ& !je) F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c93ea2c7-e4b3-4670-8bee-f10a945cc16d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=eb599fd4-9f20-4a35-adce-bf17fb26c011 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ir0**@*.:ke ]Ɋ& !.:ke* F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c93ea2c7-e4b3-4670-8bee-f10a945cc16d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=eb599fd4-9f20-4a35-adce-bf17fb26c011 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**+'Fh ]Ɋ& )!X'Fh+ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9bf6ea16-6e96-4b2f-b863-f9f1f6d02c76 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mman**,'Fh ]Ɋ& A!X'Fh, F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9bf6ea16-6e96-4b2f-b863-f9f1f6d02c76 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **-'Fh ]Ɋ& =!X'Fh- F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9bf6ea16-6e96-4b2f-b863-f9f1f6d02c76 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uc**.'Fh ]Ɋ& 5!X'Fh. F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9bf6ea16-6e96-4b2f-b863-f9f1f6d02c76 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cu**/'Fh ]Ɋ& 5!X'Fh/ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9bf6ea16-6e96-4b2f-b863-f9f1f6d02c76 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **0'Fh ]Ɋ& 7!X'Fh0 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9bf6ea16-6e96-4b2f-b863-f9f1f6d02c76 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **01t(Fh ]Ɋ& !t(Fh1 F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9bf6ea16-6e96-4b2f-b863-f9f1f6d02c76 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=961db68f-65e1-476e-a1af-3019bb5aada4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r0**@2) )Fh ]Ɋ& !) )Fh2 F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9bf6ea16-6e96-4b2f-b863-f9f1f6d02c76 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=961db68f-65e1-476e-a1af-3019bb5aada4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ngi@**X3) )Fh ]Ɋ& !X) )Fh3 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=49298dbf-d9b4-4b93-b1ce-bf989782b4a3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=zX**p4) )Fh ]Ɋ& !X) )Fh4 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=49298dbf-d9b4-4b93-b1ce-bf989782b4a3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Enp**h5) )Fh ]Ɋ& !X) )Fh5 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=49298dbf-d9b4-4b93-b1ce-bf989782b4a3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**`6) )Fh ]Ɋ& !X) )Fh6 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=49298dbf-d9b4-4b93-b1ce-bf989782b4a3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v`**`7) )Fh ]Ɋ& !X) )Fh7 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=49298dbf-d9b4-4b93-b1ce-bf989782b4a3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g`**h8) )Fh ]Ɋ& !X) )Fh8 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=49298dbf-d9b4-4b93-b1ce-bf989782b4a3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovih**9) )Fh ]Ɋ&  !) )Fh9 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=49298dbf-d9b4-4b93-b1ce-bf989782b4a3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9afedff7-ce36-433c-818b-c75e3e898c28 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Con**:)Fh ]Ɋ& !)Fh: F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=49298dbf-d9b4-4b93-b1ce-bf989782b4a3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9afedff7-ce36-433c-818b-c75e3e898c28 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=os**8;)Fh ]Ɋ& !X)Fh; F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b6e6ce28-2d49-442d-a9c3-c23873382674 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eN8**P<)Fh ]Ɋ& !X)Fh< F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b6e6ce28-2d49-442d-a9c3-c23873382674 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rtP**P=)Fh ]Ɋ& !X)Fh= F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b6e6ce28-2d49-442d-a9c3-c23873382674 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=roviP**H>)Fh ]Ɋ& !X)Fh> F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b6e6ce28-2d49-442d-a9c3-c23873382674 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ctioH**H?)Fh ]Ɋ& !X)Fh? F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b6e6ce28-2d49-442d-a9c3-c23873382674 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iderH**H@)Fh ]Ɋ& !X)Fh@ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b6e6ce28-2d49-442d-a9c3-c23873382674 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=artH**A)Fh ]Ɋ& !)FhA F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b6e6ce28-2d49-442d-a9c3-c23873382674 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=435fe6ef-239e-407b-9ec7-7c8e86025686 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **B)Fh ]Ɋ& !)FhB F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b6e6ce28-2d49-442d-a9c3-c23873382674 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=435fe6ef-239e-407b-9ec7-7c8e86025686 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**XC)Fh ]Ɋ& !X)FhC F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=48f1ff34-3869-42b3-baf2-404bfc36a00a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pD)Fh ]Ɋ& !X)FhD F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=48f1ff34-3869-42b3-baf2-404bfc36a00a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommap**hE)Fh ]Ɋ& !X)FhE F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=48f1ff34-3869-42b3-baf2-404bfc36a00a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eh**`F)Fh ]Ɋ& !X)FhF F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=48f1ff34-3869-42b3-baf2-404bfc36a00a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m.`**`G)Fh ]Ɋ& !X)FhG F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=48f1ff34-3869-42b3-baf2-404bfc36a00a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-H`**`H)Fh ]Ɋ& !X)FhH F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=48f1ff34-3869-42b3-baf2-404bfc36a00a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**I)Fh ]Ɋ& !)FhI F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=48f1ff34-3869-42b3-baf2-404bfc36a00a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ad720ec5-0b1f-4497-9532-47a7abef3e1a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**J)Fh ]Ɋ& !)FhJ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=48f1ff34-3869-42b3-baf2-404bfc36a00a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ad720ec5-0b1f-4497-9532-47a7abef3e1a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(KV>*Fh ]Ɋ& !XV>*FhK F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9ccf7faa-ab56-4e42-8797-62e5aca59454 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@LV>*Fh ]Ɋ& !XV>*FhL F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9ccf7faa-ab56-4e42-8797-62e5aca59454 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @riptName=  ]Ɋ& XV>*FhM F&nsX- c F&ndName= CommandType= ScriptName= CommandPath= CommandLine=8F& ElfChnkM}M}P WwccxMu=VysMc&&**@ MV>*Fh ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! #!XV>*FhM F&F%g>9{p(xlMD EventDatauoData !BinarypFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9ccf7faa-ab56-4e42-8797-62e5aca59454 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@ **8NV>*Fh ]Ɋ& !XV>*FhN F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9ccf7faa-ab56-4e42-8797-62e5aca59454 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=llD8**8OV>*Fh ]Ɋ& !XV>*FhO F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9ccf7faa-ab56-4e42-8797-62e5aca59454 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rre8**8PV>*Fh ]Ɋ& !XV>*FhP F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9ccf7faa-ab56-4e42-8797-62e5aca59454 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**QV>*Fh ]Ɋ& !V>*FhQ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9ccf7faa-ab56-4e42-8797-62e5aca59454 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=fd052bc1-4dfc-4f0d-96b7-002465ee75f1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Re**R*Fh ]Ɋ& !*FhR F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9ccf7faa-ab56-4e42-8797-62e5aca59454 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=fd052bc1-4dfc-4f0d-96b7-002465ee75f1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**XS,Fh ]Ɋ& !X,FhS F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e465e982-58b7-4a50-a31b-fc72c81a21bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nX**pT,Fh ]Ɋ& !X,FhT F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e465e982-58b7-4a50-a31b-fc72c81a21bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**pU,Fh ]Ɋ& !X,FhU F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e465e982-58b7-4a50-a31b-fc72c81a21bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Pp**hV,Fh ]Ɋ& !X,FhV F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e465e982-58b7-4a50-a31b-fc72c81a21bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ch**hW,Fh ]Ɋ& !X,FhW F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e465e982-58b7-4a50-a31b-fc72c81a21bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hX,Fh ]Ɋ& !X,FhX F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e465e982-58b7-4a50-a31b-fc72c81a21bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rth**Y,Fh ]Ɋ&  !,FhY F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e465e982-58b7-4a50-a31b-fc72c81a21bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5e8677b5-0040-4898-831b-2271c88fd798 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**ZF9-Fh ]Ɋ& !F9-FhZ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e465e982-58b7-4a50-a31b-fc72c81a21bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5e8677b5-0040-4898-831b-2271c88fd798 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ix -**[F9-Fh ]Ɋ& '!XF9-Fh[ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3d7273dc-655e-4be0-a3ca-0f50a74eaf9d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**\F9-Fh ]Ɋ& ?!XF9-Fh\ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3d7273dc-655e-4be0-a3ca-0f50a74eaf9d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**]F9-Fh ]Ɋ& ;!XF9-Fh] F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3d7273dc-655e-4be0-a3ca-0f50a74eaf9d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-4b**^F9-Fh ]Ɋ& 3!XF9-Fh^ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3d7273dc-655e-4be0-a3ca-0f50a74eaf9d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=****_F9-Fh ]Ɋ& 3!XF9-Fh_ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3d7273dc-655e-4be0-a3ca-0f50a74eaf9d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b2f**`F9-Fh ]Ɋ& 5!XF9-Fh` F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3d7273dc-655e-4be0-a3ca-0f50a74eaf9d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0aF9-Fh ]Ɋ& !F9-Fha F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3d7273dc-655e-4be0-a3ca-0f50a74eaf9d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=70a4ab13-e52c-4a1b-8999-93908448ff5f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ne0**@bsj.Fh ]Ɋ& !sj.Fhb F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3d7273dc-655e-4be0-a3ca-0f50a74eaf9d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=70a4ab13-e52c-4a1b-8999-93908448ff5f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**c֋j ]Ɋ& )!X֋jc F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=95fef83c-b6b6-4f73-ad7c-2ad50f1d58ba HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co**d֋j ]Ɋ& A!X֋jd F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=95fef83c-b6b6-4f73-ad7c-2ad50f1d58ba HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceId**e֋j ]Ɋ& =!X֋je F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=95fef83c-b6b6-4f73-ad7c-2ad50f1d58ba HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pr**f֋j ]Ɋ& 5!X֋jf F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=95fef83c-b6b6-4f73-ad7c-2ad50f1d58ba HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t/**g֋j ]Ɋ& 5!X֋jg F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=95fef83c-b6b6-4f73-ad7c-2ad50f1d58ba HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b4**h֋j ]Ɋ& 7!X֋jh F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=95fef83c-b6b6-4f73-ad7c-2ad50f1d58ba HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**0i֋j ]Ɋ& !֋ji F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=95fef83c-b6b6-4f73-ad7c-2ad50f1d58ba HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=160aad4f-96cb-414b-b342-cd744d981dff PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u0**@jj ]Ɋ& !jj F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=95fef83c-b6b6-4f73-ad7c-2ad50f1d58ba HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=160aad4f-96cb-414b-b342-cd744d981dff PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=New@**Xkj ]Ɋ& !Xjk F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=63c30562-e0f6-44b8-909b-10a4e75397f2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**plj ]Ɋ& !Xjl F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=63c30562-e0f6-44b8-909b-10a4e75397f2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hmj ]Ɋ& !Xjm F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=63c30562-e0f6-44b8-909b-10a4e75397f2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mh**`nj ]Ɋ& !Xjn F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=63c30562-e0f6-44b8-909b-10a4e75397f2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`oj ]Ɋ& !Xjo F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=63c30562-e0f6-44b8-909b-10a4e75397f2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e`**hpj ]Ɋ& !Xjp F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=63c30562-e0f6-44b8-909b-10a4e75397f2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPh**qj ]Ɋ&  !jq F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=63c30562-e0f6-44b8-909b-10a4e75397f2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bdb1a556-de85-4841-ab7b-4e4d58b2f778 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**rj ]Ɋ& !jr F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=63c30562-e0f6-44b8-909b-10a4e75397f2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bdb1a556-de85-4841-ab7b-4e4d58b2f778 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **8sUj ]Ɋ& !XUjs F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=393b0313-21eb-40dc-b265-84e7006617a1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ue8**PtUj ]Ɋ& !XUjt F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=393b0313-21eb-40dc-b265-84e7006617a1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==SP**PuUj ]Ɋ& !XUju F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=393b0313-21eb-40dc-b265-84e7006617a1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPP**HvUj ]Ɋ& !XUjv F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=393b0313-21eb-40dc-b265-84e7006617a1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==FunH**HwUj ]Ɋ& !XUjw F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=393b0313-21eb-40dc-b265-84e7006617a1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ProvH**HxUj ]Ɋ& !XUjx F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=393b0313-21eb-40dc-b265-84e7006617a1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eSH**yUj ]Ɋ& !Ujy F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=393b0313-21eb-40dc-b265-84e7006617a1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=40a48a82-4380-40af-986e-4337f6c6cee5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lab**zUj ]Ɋ& !Ujz F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=393b0313-21eb-40dc-b265-84e7006617a1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=40a48a82-4380-40af-986e-4337f6c6cee5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**X{Uj ]Ɋ& !XUj{ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6d16dbf5-806f-4a59-9edd-cb058029a4fa HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=*FhX**p|Uj ]Ɋ& !XUj| F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6d16dbf5-806f-4a59-9edd-cb058029a4fa HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Cp**h}Uj ]Ɋ& !XUj} F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6d16dbf5-806f-4a59-9edd-cb058029a4fa HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 h EngineVersi ]Ɋ&  XUj~ F&CommandPath= CommandLine= @riptName=  ]Ɋ& XV>*FhM F&nsX- c F&ndName= CommandType= ScriptName= CommandPath= CommandLine=8F& ElfChnk~~X Mr Mu=VysMc&&**h~Uj ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! E!XUj~ F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6d16dbf5-806f-4a59-9edd-cb058029a4fa HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sioh**`Uj ]Ɋ& !XUj F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6d16dbf5-806f-4a59-9edd-cb058029a4fa HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cu`**`Uj ]Ɋ& !XUj F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6d16dbf5-806f-4a59-9edd-cb058029a4fa HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@`**Uj ]Ɋ& !Uj F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6d16dbf5-806f-4a59-9edd-cb058029a4fa HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ad93f525-e85e-4d6a-bda8-de246dd3cbc3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **Uj ]Ɋ& !Uj F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6d16dbf5-806f-4a59-9edd-cb058029a4fa HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ad93f525-e85e-4d6a-bda8-de246dd3cbc3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**(0j ]Ɋ& !X0j F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3d8d8aed-4633-4b49-b260-4aaa45f568d7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a(**@0j ]Ɋ& !X0j F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3d8d8aed-4633-4b49-b260-4aaa45f568d7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m@**@0j ]Ɋ& !X0j F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3d8d8aed-4633-4b49-b260-4aaa45f568d7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C@**80j ]Ɋ& !X0j F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3d8d8aed-4633-4b49-b260-4aaa45f568d7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n-U8**80j ]Ɋ& !X0j F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3d8d8aed-4633-4b49-b260-4aaa45f568d7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion8**80j ]Ɋ& !X0j F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3d8d8aed-4633-4b49-b260-4aaa45f568d7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=RE8**0j ]Ɋ& !0j F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3d8d8aed-4633-4b49-b260-4aaa45f568d7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=15ad0f16-06c7-4707-8f7f-d0eaff15232d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**Ɔj ]Ɋ& !Ɔj F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3d8d8aed-4633-4b49-b260-4aaa45f568d7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=15ad0f16-06c7-4707-8f7f-d0eaff15232d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ider**X󷡙j ]Ɋ& !X󷡙j F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b891d698-6196-44d3-9571-119082024289 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**p󷡙j ]Ɋ& !X󷡙j F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b891d698-6196-44d3-9571-119082024289 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**p󷡙j ]Ɋ& !X󷡙j F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b891d698-6196-44d3-9571-119082024289 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h󷡙j ]Ɋ& !X󷡙j F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b891d698-6196-44d3-9571-119082024289 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sth**h󷡙j ]Ɋ& !X󷡙j F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b891d698-6196-44d3-9571-119082024289 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Seqh**h󷡙j ]Ɋ& !X󷡙j F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b891d698-6196-44d3-9571-119082024289 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3dh**󷡙j ]Ɋ&  !󷡙j F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b891d698-6196-44d3-9571-119082024289 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e1620bcd-a0f3-4497-99f5-1f7017b8b945 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **Pj ]Ɋ& !Pj F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b891d698-6196-44d3-9571-119082024289 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e1620bcd-a0f3-4497-99f5-1f7017b8b945 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=base** 颙j ]Ɋ& '!X 颙j F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5d013b96-421f-41cc-8efa-95d05146a272 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(** 颙j ]Ɋ& ?!X 颙j F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5d013b96-421f-41cc-8efa-95d05146a272 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=B** 颙j ]Ɋ& ;!X 颙j F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5d013b96-421f-41cc-8efa-95d05146a272 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eVe** 颙j ]Ɋ& 3!X 颙j F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5d013b96-421f-41cc-8efa-95d05146a272 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=F** 颙j ]Ɋ& 3!X 颙j F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5d013b96-421f-41cc-8efa-95d05146a272 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ers** 颙j ]Ɋ& 5!X 颙j F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5d013b96-421f-41cc-8efa-95d05146a272 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP**0 颙j ]Ɋ& ! 颙j F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5d013b96-421f-41cc-8efa-95d05146a272 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=001c8cde-cac8-4226-a712-efb22f1b7710 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=810**@j ]Ɋ& !j F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5d013b96-421f-41cc-8efa-95d05146a272 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=001c8cde-cac8-4226-a712-efb22f1b7710 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed @**l ]Ɋ& )!Xl F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b16803aa-4165-461f-a87a-1db5dc0ea5b2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**l ]Ɋ& A!Xl F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b16803aa-4165-461f-a87a-1db5dc0ea5b2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**l ]Ɋ& =!Xl F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b16803aa-4165-461f-a87a-1db5dc0ea5b2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **l ]Ɋ& 5!Xl F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b16803aa-4165-461f-a87a-1db5dc0ea5b2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**l ]Ɋ& 5!Xl F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b16803aa-4165-461f-a87a-1db5dc0ea5b2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pr**l ]Ɋ& 7!Xl F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b16803aa-4165-461f-a87a-1db5dc0ea5b2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**0Ul ]Ɋ& !Ul F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b16803aa-4165-461f-a87a-1db5dc0ea5b2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8ec18c09-e12e-4e0b-92ba-944b88589a03 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@5l ]Ɋ& !5l F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b16803aa-4165-461f-a87a-1db5dc0ea5b2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8ec18c09-e12e-4e0b-92ba-944b88589a03 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==63@**X5l ]Ɋ& !X5l F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8147119c-433c-4c14-9da9-66bbcaab906d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ConX**p5l ]Ɋ& !X5l F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8147119c-433c-4c14-9da9-66bbcaab906d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVp**h5l ]Ɋ& !X5l F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8147119c-433c-4c14-9da9-66bbcaab906d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Hh**`5l ]Ɋ& !X5l F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8147119c-433c-4c14-9da9-66bbcaab906d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3`**`5l ]Ɋ& !X5l F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8147119c-433c-4c14-9da9-66bbcaab906d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c`**h5l ]Ɋ& !X5l F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8147119c-433c-4c14-9da9-66bbcaab906d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0661h**5l ]Ɋ&  !5l F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8147119c-433c-4c14-9da9-66bbcaab906d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=89c108a0-dd1a-44fa-b405-21af0fffc1a5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=us |**l ]Ɋ& !l F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8147119c-433c-4c14-9da9-66bbcaab906d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=89c108a0-dd1a-44fa-b405-21af0fffc1a5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sE**8l ]Ɋ& !Xl F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5795dc80-ec19-41fb-b3c5-1a43bf2ef66b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=el8**Pl ]Ɋ& !Xl F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5795dc80-ec19-41fb-b3c5-1a43bf2ef66b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=liP**Pl ]Ɋ& !Xl F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5795dc80-ec19-41fb-b3c5-1a43bf2ef66b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=29a4P**Hl ]Ɋ& !Xl F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5795dc80-ec19-41fb-b3c5-1a43bf2ef66b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FHndName=  ]Ɋ& maXl ElfChnkH:Mu=VysMc&&**Hl ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! )!Xl F&F%g>9{p(xlMD EventDatauoData !BinaryvRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5795dc80-ec19-41fb-b3c5-1a43bf2ef66b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mH**Hl ]Ɋ& !Xl F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5795dc80-ec19-41fb-b3c5-1a43bf2ef66b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmaH**l ]Ɋ& !l F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5795dc80-ec19-41fb-b3c5-1a43bf2ef66b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=12e27d13-233a-46ef-ab74-176cc23c9324 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**l ]Ɋ& !l F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5795dc80-ec19-41fb-b3c5-1a43bf2ef66b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=12e27d13-233a-46ef-ab74-176cc23c9324 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**Xl ]Ɋ& !Xl F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=813c0fee-67d3-49a7-82e8-7404c24c5019 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ComX**pl ]Ɋ& !Xl F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=813c0fee-67d3-49a7-82e8-7404c24c5019 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allep**hl ]Ɋ& !Xl F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=813c0fee-67d3-49a7-82e8-7404c24c5019 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='ih**`l ]Ɋ& !Xl F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=813c0fee-67d3-49a7-82e8-7404c24c5019 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ow`**`l ]Ɋ& !Xl F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=813c0fee-67d3-49a7-82e8-7404c24c5019 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`l ]Ɋ& !Xl F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=813c0fee-67d3-49a7-82e8-7404c24c5019 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**l ]Ɋ& !l F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=813c0fee-67d3-49a7-82e8-7404c24c5019 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cd51c935-9b8d-45e9-8420-17862294b5f5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**l ]Ɋ& !l F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=813c0fee-67d3-49a7-82e8-7404c24c5019 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cd51c935-9b8d-45e9-8420-17862294b5f5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **(gl ]Ɋ& !Xgl F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dba1d504-5bac-4627-bcdd-0f4ea3890840 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3(**@gl ]Ɋ& !Xgl F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dba1d504-5bac-4627-bcdd-0f4ea3890840 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n@**@gl ]Ɋ& !Xgl F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dba1d504-5bac-4627-bcdd-0f4ea3890840 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e]:@**8gl ]Ɋ& !Xgl F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dba1d504-5bac-4627-bcdd-0f4ea3890840 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tal8**8gl ]Ɋ& !Xgl F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dba1d504-5bac-4627-bcdd-0f4ea3890840 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.08**8gl ]Ɋ& !Xgl F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dba1d504-5bac-4627-bcdd-0f4ea3890840 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**gl ]Ɋ& !gl F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dba1d504-5bac-4627-bcdd-0f4ea3890840 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=9ca034cb-42b9-49cf-8844-dd2913ac16af PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **l ]Ɋ& !l F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dba1d504-5bac-4627-bcdd-0f4ea3890840 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=9ca034cb-42b9-49cf-8844-dd2913ac16af PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=trin**X0l ]Ɋ& !X0l F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=74b0ec3c-47af-4314-87f2-c037edfc0feb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p0l ]Ɋ& !X0l F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=74b0ec3c-47af-4314-87f2-c037edfc0feb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**p0l ]Ɋ& !X0l F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=74b0ec3c-47af-4314-87f2-c037edfc0feb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Culp**h0l ]Ɋ& !X0l F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=74b0ec3c-47af-4314-87f2-c037edfc0feb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Obh**h0l ]Ɋ& !X0l F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=74b0ec3c-47af-4314-87f2-c037edfc0feb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Pih**h0l ]Ɋ& !X0l F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=74b0ec3c-47af-4314-87f2-c037edfc0feb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ath**0l ]Ɋ&  !0l F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=74b0ec3c-47af-4314-87f2-c037edfc0feb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cc3c6002-d3b4-4b84-a573-fab23dac9a42 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**rl ]Ɋ& !rl F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=74b0ec3c-47af-4314-87f2-c037edfc0feb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cc3c6002-d3b4-4b84-a573-fab23dac9a42 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ame=** bl ]Ɋ& '!X bl F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=49ef0626-536e-4fe8-a7a1-0ca540de64d4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ** bl ]Ɋ& ?!X bl F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=49ef0626-536e-4fe8-a7a1-0ca540de64d4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e** bl ]Ɋ& ;!X bl F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=49ef0626-536e-4fe8-a7a1-0ca540de64d4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed** bl ]Ɋ& 3!X bl F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=49ef0626-536e-4fe8-a7a1-0ca540de64d4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=th ** bl ]Ɋ& 3!X bl F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=49ef0626-536e-4fe8-a7a1-0ca540de64d4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rov** bl ]Ɋ& 5!X bl F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=49ef0626-536e-4fe8-a7a1-0ca540de64d4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=En**0 bl ]Ɋ& ! bl F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=49ef0626-536e-4fe8-a7a1-0ca540de64d4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=22c7e76e-7aa3-407a-bec4-91da1d2bad90 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=en0**@l ]Ɋ& !l F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=49ef0626-536e-4fe8-a7a1-0ca540de64d4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=22c7e76e-7aa3-407a-bec4-91da1d2bad90 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-944@**`o ]Ɋ& )!X`o F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=25a5e5bd-ad3b-4777-9d25-fa453a688147 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayNa**`o ]Ɋ& A!X`o F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=25a5e5bd-ad3b-4777-9d25-fa453a688147 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pace**`o ]Ɋ& =!X`o F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=25a5e5bd-ad3b-4777-9d25-fa453a688147 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=66**`o ]Ɋ& 5!X`o F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=25a5e5bd-ad3b-4777-9d25-fa453a688147 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C**`o ]Ɋ& 5!X`o F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=25a5e5bd-ad3b-4777-9d25-fa453a688147 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr**`o ]Ɋ& 7!X`o F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=25a5e5bd-ad3b-4777-9d25-fa453a688147 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0`o ]Ɋ& !`o F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=25a5e5bd-ad3b-4777-9d25-fa453a688147 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=292e5b1f-ed81-4adb-b95b-4fdd1a694efa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@ C`o ]Ɋ& ! C`o F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=25a5e5bd-ad3b-4777-9d25-fa453a688147 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=292e5b1f-ed81-4adb-b95b-4fdd1a694efa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm@**X C`o ]Ɋ& !X C`o F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=321842a5-2a78-472b-9ca3-8bcbdb9fd5ea HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNaX**p C`o ]Ɋ& !X C`o F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=321842a5-2a78-472b-9ca3-8bcbdb9fd5ea HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNp**h C`o ]Ɋ& !X C`o F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=321842a5-2a78-472b-9ca3-8bcbdb9fd5ea HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**` C`o ]Ɋ& !X C`o F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=321842a5-2a78-472b-9ca3-8bcbdb9fd5ea HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**` C`o ]Ɋ& !X C`o F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=321842a5-2a78-472b-9ca3-8bcbdb9fd5ea HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==` FHnd ]Ɋ& X C`o F& ElfChnk*p,Mu=VysMc&&**h C`o ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! I!X C`o F&F%g>9{p(xlMD EventDatauoData !BinaryVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=321842a5-2a78-472b-9ca3-8bcbdb9fd5ea HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h** C`o ]Ɋ&  ! C`o F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=321842a5-2a78-472b-9ca3-8bcbdb9fd5ea HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5686557b-6b85-4cfe-b3a8-16de60c5b6f8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** C`o ]Ɋ& ! C`o F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=321842a5-2a78-472b-9ca3-8bcbdb9fd5ea HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5686557b-6b85-4cfe-b3a8-16de60c5b6f8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8۹`o ]Ɋ& !X۹`o F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8216e4dc-dc8a-4d1c-b7ed-82445743b02b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P۹`o ]Ɋ& !X۹`o F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8216e4dc-dc8a-4d1c-b7ed-82445743b02b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P۹`o ]Ɋ& !X۹`o F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8216e4dc-dc8a-4d1c-b7ed-82445743b02b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&P**H۹`o ]Ɋ& !X۹`o F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8216e4dc-dc8a-4d1c-b7ed-82445743b02b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**H**H۹`o ]Ɋ& !X۹`o F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8216e4dc-dc8a-4d1c-b7ed-82445743b02b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dLinH**H۹`o ]Ɋ& !X۹`o F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8216e4dc-dc8a-4d1c-b7ed-82445743b02b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= H**۹`o ]Ɋ& !۹`o F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8216e4dc-dc8a-4d1c-b7ed-82445743b02b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8c369ba3-7ec0-42d4-8028-42953db1152f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**۹`o ]Ɋ& !۹`o F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8216e4dc-dc8a-4d1c-b7ed-82445743b02b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8c369ba3-7ec0-42d4-8028-42953db1152f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X۹`o ]Ɋ& !X۹`o F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c75e8d01-23d0-4668-b220-b10d14537d0e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=TypeX**p۹`o ]Ɋ& !X۹`o F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c75e8d01-23d0-4668-b220-b10d14537d0e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| sep**h۹`o ]Ɋ& !X۹`o F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c75e8d01-23d0-4668-b220-b10d14537d0e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=edh**`۹`o ]Ɋ& !X۹`o F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c75e8d01-23d0-4668-b220-b10d14537d0e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l `**`۹`o ]Ɋ& !X۹`o F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c75e8d01-23d0-4668-b220-b10d14537d0e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Na`**`۹`o ]Ɋ& !X۹`o F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c75e8d01-23d0-4668-b220-b10d14537d0e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**۹`o ]Ɋ& !۹`o F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c75e8d01-23d0-4668-b220-b10d14537d0e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=623b88ec-99a7-4dd3-aff4-7f67dacfe202 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**۹`o ]Ɋ& !۹`o F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c75e8d01-23d0-4668-b220-b10d14537d0e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=623b88ec-99a7-4dd3-aff4-7f67dacfe202 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptN**(Mt`o ]Ɋ& !XMt`o F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9552aa80-a119-4528-852c-20cbb38045fb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p(**@Mt`o ]Ɋ& !XMt`o F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9552aa80-a119-4528-852c-20cbb38045fb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==@**@Mt`o ]Ɋ& !XMt`o F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9552aa80-a119-4528-852c-20cbb38045fb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e($@**8Mt`o ]Ɋ& !XMt`o F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9552aa80-a119-4528-852c-20cbb38045fb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HK8**8Mt`o ]Ɋ& !XMt`o F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9552aa80-a119-4528-852c-20cbb38045fb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stI8**8Mt`o ]Ɋ& !XMt`o F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9552aa80-a119-4528-852c-20cbb38045fb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**Mt`o ]Ɋ& !Mt`o F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9552aa80-a119-4528-852c-20cbb38045fb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=09c34b0f-29f4-4c36-9d0c-e7376cdd2328 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=an** `o ]Ɋ& ! `o F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9552aa80-a119-4528-852c-20cbb38045fb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=09c34b0f-29f4-4c36-9d0c-e7376cdd2328 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**X>`o ]Ɋ& !X>`o F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e1db6ed2-378e-4055-a7b2-b9cfb9b9079d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iX**p>`o ]Ɋ& !X>`o F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e1db6ed2-378e-4055-a7b2-b9cfb9b9079d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**p>`o ]Ɋ& !X>`o F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e1db6ed2-378e-4055-a7b2-b9cfb9b9079d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nfop**h>`o ]Ɋ& !X>`o F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e1db6ed2-378e-4055-a7b2-b9cfb9b9079d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Insh**h>`o ]Ɋ& !X>`o F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e1db6ed2-378e-4055-a7b2-b9cfb9b9079d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eIdh**h>`o ]Ɋ& !X>`o F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e1db6ed2-378e-4055-a7b2-b9cfb9b9079d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omh**>`o ]Ɋ&  !>`o F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e1db6ed2-378e-4055-a7b2-b9cfb9b9079d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3dee9c43-7e02-4106-b543-e8e2acdb29a0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**ּ`o ]Ɋ& !ּ`o F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e1db6ed2-378e-4055-a7b2-b9cfb9b9079d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3dee9c43-7e02-4106-b543-e8e2acdb29a0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oleH**>o`o ]Ɋ& '!X>o`o F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=de0365f2-1e9e-4453-9939-d8e729a56cc0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**>o`o ]Ɋ& ?!X>o`o F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=de0365f2-1e9e-4453-9939-d8e729a56cc0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v**>o`o ]Ɋ& ;!X>o`o F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=de0365f2-1e9e-4453-9939-d8e729a56cc0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ide**>o`o ]Ɋ& 3!X>o`o F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=de0365f2-1e9e-4453-9939-d8e729a56cc0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **>o`o ]Ɋ& 3!X>o`o F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=de0365f2-1e9e-4453-9939-d8e729a56cc0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ame**>o`o ]Ɋ& 5!X>o`o F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=de0365f2-1e9e-4453-9939-d8e729a56cc0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rs**0 >o`o ]Ɋ& !>o`o  F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=de0365f2-1e9e-4453-9939-d8e729a56cc0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=51730135-1b81-4523-8860-6dd02453d278 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er0**@ `o ]Ɋ& !`o  F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=de0365f2-1e9e-4453-9939-d8e729a56cc0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=51730135-1b81-4523-8860-6dd02453d278 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=94ef@** p ]Ɋ& )!Xp  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a30aaaa8-8837-49c5-832c-d5f7db43726d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=prod** p ]Ɋ& A!Xp  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a30aaaa8-8837-49c5-832c-d5f7db43726d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t/Se** p ]Ɋ& =!Xp  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a30aaaa8-8837-49c5-832c-d5f7db43726d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d5**p ]Ɋ& 5!Xp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a30aaaa8-8837-49c5-832c-d5f7db43726d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**p ]Ɋ& 5!Xp F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a30aaaa8-8837-49c5-832c-d5f7db43726d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP**p ]Ɋ& 7!Xp F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a30aaaa8-8837-49c5-832c-d5f7db43726d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnk@@MMu=VysMc&&**8p ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !p F&F%g>9{p(xlMD EventDatauoData !BinarydAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a30aaaa8-8837-49c5-832c-d5f7db43726d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0d849fac-a691-4b50-a12d-d334f078ec01 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dP8**@p ]Ɋ& !p F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a30aaaa8-8837-49c5-832c-d5f7db43726d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0d849fac-a691-4b50-a12d-d334f078ec01 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=neI@**Xp ]Ɋ& !Xp F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a56c4993-27c4-4b93-9eff-dfafb1db3540 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nspX**pp ]Ɋ& !Xp F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a56c4993-27c4-4b93-9eff-dfafb1db3540 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=p**hp ]Ɋ& !Xp F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a56c4993-27c4-4b93-9eff-dfafb1db3540 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ih**`p ]Ɋ& !Xp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a56c4993-27c4-4b93-9eff-dfafb1db3540 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l`**`p ]Ɋ& !Xp F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a56c4993-27c4-4b93-9eff-dfafb1db3540 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m`**hp ]Ɋ& !Xp F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a56c4993-27c4-4b93-9eff-dfafb1db3540 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Commh**p ]Ɋ&  !p F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a56c4993-27c4-4b93-9eff-dfafb1db3540 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8cd017f8-cc59-452b-bcb2-62c87125b54c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**Wmp ]Ɋ& !Wmp F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a56c4993-27c4-4b93-9eff-dfafb1db3540 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8cd017f8-cc59-452b-bcb2-62c87125b54c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8Wmp ]Ɋ& !XWmp F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=800e10d8-4477-400f-bdf2-756f4509f6c2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me8**PWmp ]Ɋ& !XWmp F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=800e10d8-4477-400f-bdf2-756f4509f6c2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=amP**PWmp ]Ɋ& !XWmp F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=800e10d8-4477-400f-bdf2-756f4509f6c2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=andTP**HWmp ]Ɋ& !XWmp F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=800e10d8-4477-400f-bdf2-756f4509f6c2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommaH**HWmp ]Ɋ& !XWmp F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=800e10d8-4477-400f-bdf2-756f4509f6c2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=elinH**H Wmp ]Ɋ& !XWmp  F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=800e10d8-4477-400f-bdf2-756f4509f6c2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceIH**!Wmp ]Ɋ& !Wmp! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=800e10d8-4477-400f-bdf2-756f4509f6c2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b486eb5f-f371-4f06-b96e-9dca4bacb3e0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndN**"Wmp ]Ɋ& !Wmp" F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=800e10d8-4477-400f-bdf2-756f4509f6c2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b486eb5f-f371-4f06-b96e-9dca4bacb3e0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **X#Wmp ]Ɋ& !XWmp# F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b44d54e5-5839-42ff-99ef-a9ecbdd903bf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==623X**p$Wmp ]Ɋ& !XWmp$ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b44d54e5-5839-42ff-99ef-a9ecbdd903bf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izatp**h%Wmp ]Ɋ& !XWmp% F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b44d54e5-5839-42ff-99ef-a9ecbdd903bf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=seh**`&Wmp ]Ɋ& !XWmp& F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b44d54e5-5839-42ff-99ef-a9ecbdd903bf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0`**`'Wmp ]Ɋ& !XWmp' F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b44d54e5-5839-42ff-99ef-a9ecbdd903bf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ov`**`(Wmp ]Ɋ& !XWmp( F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b44d54e5-5839-42ff-99ef-a9ecbdd903bf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**)Wmp ]Ɋ& !Wmp) F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b44d54e5-5839-42ff-99ef-a9ecbdd903bf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=286a7b6c-913e-4bd7-a3aa-8f47f78e437d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d***p ]Ɋ& !p* F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b44d54e5-5839-42ff-99ef-a9ecbdd903bf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=286a7b6c-913e-4bd7-a3aa-8f47f78e437d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ine**(+p ]Ɋ& !Xp+ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=91c78925-9e1a-4a6d-acf7-efe6b50b83e0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@,p ]Ɋ& !Xp, F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=91c78925-9e1a-4a6d-acf7-efe6b50b83e0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o@**@-p ]Ɋ& !Xp- F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=91c78925-9e1a-4a6d-acf7-efe6b50b83e0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=spl@**8.p ]Ɋ& !Xp. F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=91c78925-9e1a-4a6d-acf7-efe6b50b83e0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tur8**8/p ]Ɋ& !Xp/ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=91c78925-9e1a-4a6d-acf7-efe6b50b83e0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sta8**80p ]Ɋ& !Xp0 F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=91c78925-9e1a-4a6d-acf7-efe6b50b83e0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**1p ]Ɋ& !p1 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=91c78925-9e1a-4a6d-acf7-efe6b50b83e0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ae76c443-6395-40d3-93ca-2ff8f7bd26e7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ru**2p ]Ɋ& !p2 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=91c78925-9e1a-4a6d-acf7-efe6b50b83e0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ae76c443-6395-40d3-93ca-2ff8f7bd26e7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion.**X3Ghp ]Ɋ& !XGhp3 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9c558a47-2fa3-4382-ac02-b08e1df19433 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=aX**p4Ghp ]Ɋ& !XGhp4 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9c558a47-2fa3-4382-ac02-b08e1df19433 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=zp**p5Ghp ]Ɋ& !XGhp5 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9c558a47-2fa3-4382-ac02-b08e1df19433 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tiep**h6Ghp ]Ɋ& !XGhp6 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9c558a47-2fa3-4382-ac02-b08e1df19433 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eInh**h7Ghp ]Ɋ& !XGhp7 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9c558a47-2fa3-4382-ac02-b08e1df19433 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sorh**h8Ghp ]Ɋ& !XGhp8 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9c558a47-2fa3-4382-ac02-b08e1df19433 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**9Ghp ]Ɋ&  !Ghp9 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9c558a47-2fa3-4382-ac02-b08e1df19433 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d3d546af-6d3d-4a45-b0b5-5012d17a8cd1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**:p ]Ɋ& !p: F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9c558a47-2fa3-4382-ac02-b08e1df19433 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d3d546af-6d3d-4a45-b0b5-5012d17a8cd1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Var**;p ]Ɋ& '!Xp; F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=048bd7de-7331-4f3e-8c14-a35c4ad103f1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**<p ]Ɋ& ?!Xp< F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=048bd7de-7331-4f3e-8c14-a35c4ad103f1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**=p ]Ɋ& ;!Xp= F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=048bd7de-7331-4f3e-8c14-a35c4ad103f1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**>p ]Ɋ& 3!Xp> F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=048bd7de-7331-4f3e-8c14-a35c4ad103f1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wer**?p ]Ɋ& 3!Xp? F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=048bd7de-7331-4f3e-8c14-a35c4ad103f1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**@p ]Ɋ& 5!Xp@ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=048bd7de-7331-4f3e-8c14-a35c4ad103f1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-tFirewallPro ]Ɋ& 35pA F&d= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP**p ]Ɋ& 7!Xp F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a30aaaa8-8837-49c5-832c-d5f7db43726d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnkArArHUMu=VysMc&&**8 Ap ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !pA F&F%g>9{p(xlMD EventDatauoData !BinarybAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=048bd7de-7331-4f3e-8c14-a35c4ad103f1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=2bed65fe-7060-4c67-8989-8cf1fb6ba3c1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8-88 **@Btp ]Ɋ& !tpB F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=048bd7de-7331-4f3e-8c14-a35c4ad103f1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=2bed65fe-7060-4c67-8989-8cf1fb6ba3c1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Scri@**CL}r ]Ɋ& )!XL}rC F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=decdd446-88e6-4108-811d-551ee320cd90 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eng**DL}r ]Ɋ& A!XL}rD F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=decdd446-88e6-4108-811d-551ee320cd90 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uct **EL}r ]Ɋ& =!XL}rE F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=decdd446-88e6-4108-811d-551ee320cd90 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **FL}r ]Ɋ& 5!XL}rF F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=decdd446-88e6-4108-811d-551ee320cd90 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=93**GL}r ]Ɋ& 5!XL}rG F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=decdd446-88e6-4108-811d-551ee320cd90 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**HL}r ]Ɋ& 7!XL}rH F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=decdd446-88e6-4108-811d-551ee320cd90 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**0IL}r ]Ɋ& !L}rI F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=decdd446-88e6-4108-811d-551ee320cd90 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=38128327-4c02-46ab-a1fc-735833d95789 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@J} }r ]Ɋ& !} }rJ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=decdd446-88e6-4108-811d-551ee320cd90 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=38128327-4c02-46ab-a1fc-735833d95789 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Lin@**XK} }r ]Ɋ& !X} }rK F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8f0a941f-d813-4b33-964e-e424658d4e7c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pL} }r ]Ɋ& !X} }rL F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8f0a941f-d813-4b33-964e-e424658d4e7c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hM} }r ]Ɋ& !X} }rM F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8f0a941f-d813-4b33-964e-e424658d4e7c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`N} }r ]Ɋ& !X} }rN F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8f0a941f-d813-4b33-964e-e424658d4e7c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`O} }r ]Ɋ& !X} }rO F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8f0a941f-d813-4b33-964e-e424658d4e7c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hP} }r ]Ɋ& !X} }rP F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8f0a941f-d813-4b33-964e-e424658d4e7c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ph**Q} }r ]Ɋ&  !} }rQ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8f0a941f-d813-4b33-964e-e424658d4e7c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0b12523d-05e0-486b-b3b5-78d3a73593bd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&**R} }r ]Ɋ& !} }rR F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8f0a941f-d813-4b33-964e-e424658d4e7c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0b12523d-05e0-486b-b3b5-78d3a73593bd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ar**8S} }r ]Ɋ& !X} }rS F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dff2c50a-c4e3-427c-97bd-42bc307f48a3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**PT} }r ]Ɋ& !X} }rT F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dff2c50a-c4e3-427c-97bd-42bc307f48a3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**PU} }r ]Ɋ& !X} }rU F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dff2c50a-c4e3-427c-97bd-42bc307f48a3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!P**HV} }r ]Ɋ& !X} }rV F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dff2c50a-c4e3-427c-97bd-42bc307f48a3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HW} }r ]Ɋ& !X} }rW F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dff2c50a-c4e3-427c-97bd-42bc307f48a3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HX} }r ]Ɋ& !X} }rX F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dff2c50a-c4e3-427c-97bd-42bc307f48a3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Y} }r ]Ɋ& !} }rY F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dff2c50a-c4e3-427c-97bd-42bc307f48a3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f3d34fdb-342a-44b4-8fc1-2fb2d17d1b5a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Z }r ]Ɋ& ! }rZ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dff2c50a-c4e3-427c-97bd-42bc307f48a3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f3d34fdb-342a-44b4-8fc1-2fb2d17d1b5a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**X[ }r ]Ɋ& !X }r[ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e0a2c8c7-2133-414f-8032-d87ec994b199 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**p\ }r ]Ɋ& !X }r\ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e0a2c8c7-2133-414f-8032-d87ec994b199 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ureIp**h] }r ]Ɋ& !X }r] F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e0a2c8c7-2133-414f-8032-d87ec994b199 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sth**`^ }r ]Ɋ& !X }r^ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e0a2c8c7-2133-414f-8032-d87ec994b199 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=89`**`_ }r ]Ɋ& !X }r_ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e0a2c8c7-2133-414f-8032-d87ec994b199 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr`**`` }r ]Ɋ& !X }r` F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e0a2c8c7-2133-414f-8032-d87ec994b199 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**a }r ]Ɋ& ! }ra F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e0a2c8c7-2133-414f-8032-d87ec994b199 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=18653b3f-ff63-40e9-aed2-c02ac4c13016 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N**b }r ]Ɋ& ! }rb F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e0a2c8c7-2133-414f-8032-d87ec994b199 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=18653b3f-ff63-40e9-aed2-c02ac4c13016 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= R**(c }r ]Ɋ& !X }rc F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d8fc6986-9049-4a4c-8f23-8c0240c8c292 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l(**@d }r ]Ɋ& !X }rd F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d8fc6986-9049-4a4c-8f23-8c0240c8c292 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p@**@e }r ]Ɋ& !X }re F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d8fc6986-9049-4a4c-8f23-8c0240c8c292 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=KLM@**8f }r ]Ɋ& !X }rf F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d8fc6986-9049-4a4c-8f23-8c0240c8c292 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=enc8**8g }r ]Ɋ& !X }rg F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d8fc6986-9049-4a4c-8f23-8c0240c8c292 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8h }r ]Ɋ& !X }rh F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d8fc6986-9049-4a4c-8f23-8c0240c8c292 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=558**i }r ]Ɋ& ! }ri F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d8fc6986-9049-4a4c-8f23-8c0240c8c292 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=e78297aa-b045-4794-b703-891da3ce26ec PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=']**j }r ]Ɋ& ! }rj F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d8fc6986-9049-4a4c-8f23-8c0240c8c292 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=e78297aa-b045-4794-b703-891da3ce26ec PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yNam**Xkx }r ]Ɋ& !Xx }rk F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4cdc0fa5-54d5-4f96-94d4-d21720d861bf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=DX**plx }r ]Ɋ& !Xx }rl F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4cdc0fa5-54d5-4f96-94d4-d21720d861bf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**pmx }r ]Ɋ& !Xx }rm F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4cdc0fa5-54d5-4f96-94d4-d21720d861bf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n,Hp**hnx }r ]Ɋ& !Xx }rn F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4cdc0fa5-54d5-4f96-94d4-d21720d861bf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=_.ph**hox }r ]Ɋ& !Xx }ro F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4cdc0fa5-54d5-4f96-94d4-d21720d861bf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Culh**hpx }r ]Ɋ& !Xx }rp F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4cdc0fa5-54d5-4f96-94d4-d21720d861bf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Sh**qx }r ]Ɋ&  !x }rq F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4cdc0fa5-54d5-4f96-94d4-d21720d861bf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6f2b4625-4089-4607-9965-761da58d04c1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pe**rz }r ]Ɋ& !z }rr F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4cdc0fa5-54d5-4f96-94d4-d21720d861bf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6f2b4625-4089-4607-9965-761da58d04c1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=35p ]Ɋ&  CXz }rs F&ommandPath= CommandLine=wP**p ]Ɋ& 7!Xp F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a30aaaa8-8837-49c5-832c-d5f7db43726d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnkss( UMu=VysMc&&** sz }r ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !Xz }rs F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c445fdb5-aca5-4149-9176-9effabab5304 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **tz }r ]Ɋ& ?!Xz }rt F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c445fdb5-aca5-4149-9176-9effabab5304 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**uz }r ]Ɋ& ;!Xz }ru F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c445fdb5-aca5-4149-9176-9effabab5304 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d **vz }r ]Ɋ& 3!Xz }rv F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c445fdb5-aca5-4149-9176-9effabab5304 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id=**wz }r ]Ɋ& 3!Xz }rw F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c445fdb5-aca5-4149-9176-9effabab5304 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=enc**xz }r ]Ɋ& 5!Xz }rx F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c445fdb5-aca5-4149-9176-9effabab5304 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=**0yz }r ]Ɋ& !z }ry F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c445fdb5-aca5-4149-9176-9effabab5304 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=93f556f2-9d2e-453b-acf2-e3147680e4ae PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==10**@z }r ]Ɋ& ! }rz F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c445fdb5-aca5-4149-9176-9effabab5304 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=93f556f2-9d2e-453b-acf2-e3147680e4ae PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on= @**{صt ]Ɋ& )!Xصt{ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e1f24421-c35b-419c-ade8-d9b4a20d2581 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oduc**|صt ]Ɋ& A!Xصt| F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e1f24421-c35b-419c-ade8-d9b4a20d2581 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nsta**}صt ]Ɋ& =!Xصt} F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e1f24421-c35b-419c-ade8-d9b4a20d2581 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=33**~صt ]Ɋ& 5!Xصt~ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e1f24421-c35b-419c-ade8-d9b4a20d2581 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**صt ]Ɋ& 5!Xصt F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e1f24421-c35b-419c-ade8-d9b4a20d2581 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**صt ]Ɋ& 7!Xصt F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e1f24421-c35b-419c-ade8-d9b4a20d2581 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0صt ]Ɋ& !صt F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e1f24421-c35b-419c-ade8-d9b4a20d2581 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bf48c86e-68f2-47ff-8ad0-52002faeb4d4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==0**@t ]Ɋ& !t F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e1f24421-c35b-419c-ade8-d9b4a20d2581 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bf48c86e-68f2-47ff-8ad0-52002faeb4d4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mma@**Xt ]Ɋ& !Xt F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=df269cd9-ea5d-4a71-8e1e-4e831c46a461 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manX**pt ]Ɋ& !Xt F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=df269cd9-ea5d-4a71-8e1e-4e831c46a461 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNp**ht ]Ɋ& !Xt F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=df269cd9-ea5d-4a71-8e1e-4e831c46a461 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dh**`t ]Ɋ& !Xt F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=df269cd9-ea5d-4a71-8e1e-4e831c46a461 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m`**`t ]Ɋ& !Xt F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=df269cd9-ea5d-4a71-8e1e-4e831c46a461 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**ht ]Ɋ& !Xt F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=df269cd9-ea5d-4a71-8e1e-4e831c46a461 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=} h**t ]Ɋ&  !t F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=df269cd9-ea5d-4a71-8e1e-4e831c46a461 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4859ff52-d0f3-425c-9f4b-ee11b315e56c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**t ]Ɋ& !t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=df269cd9-ea5d-4a71-8e1e-4e831c46a461 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4859ff52-d0f3-425c-9f4b-ee11b315e56c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8t ]Ɋ& !Xt F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=83442d52-ad1d-41f6-bf31-e2151e969eab HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**Pt ]Ɋ& !Xt F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=83442d52-ad1d-41f6-bf31-e2151e969eab HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= P**Pt ]Ɋ& !Xt F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=83442d52-ad1d-41f6-bf31-e2151e969eab HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stP**Ht ]Ɋ& !Xt F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=83442d52-ad1d-41f6-bf31-e2151e969eab HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmanH**Ht ]Ɋ& !Xt F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=83442d52-ad1d-41f6-bf31-e2151e969eab HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndPaH**Ht ]Ɋ& !Xt F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=83442d52-ad1d-41f6-bf31-e2151e969eab HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ameH**t ]Ɋ& !t F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=83442d52-ad1d-41f6-bf31-e2151e969eab HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=82f91110-1c70-4be0-83d1-361a5edd5e07 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **t ]Ɋ& !t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=83442d52-ad1d-41f6-bf31-e2151e969eab HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=82f91110-1c70-4be0-83d1-361a5edd5e07 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **Xt ]Ɋ& !Xt F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0bc79606-3ef6-4791-8b2e-7f01a42ba8ac HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sortX**pt ]Ɋ& !Xt F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0bc79606-3ef6-4791-8b2e-7f01a42ba8ac HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=se.pp**ht ]Ɋ& !Xt F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0bc79606-3ef6-4791-8b2e-7f01a42ba8ac HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cah**`t ]Ɋ& !Xt F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0bc79606-3ef6-4791-8b2e-7f01a42ba8ac HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um`**`t ]Ɋ& !Xt F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0bc79606-3ef6-4791-8b2e-7f01a42ba8ac HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`t ]Ɋ& !Xt F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0bc79606-3ef6-4791-8b2e-7f01a42ba8ac HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**t ]Ɋ& !t F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0bc79606-3ef6-4791-8b2e-7f01a42ba8ac HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=08c0cdb3-cc2a-4cec-a0f6-35215d93eb8a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=R**t ]Ɋ& !t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0bc79606-3ef6-4791-8b2e-7f01a42ba8ac HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=08c0cdb3-cc2a-4cec-a0f6-35215d93eb8a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=obj**(2t ]Ɋ& !X2t F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6aef27d6-96d8-452c-b9f4-9e3faed6cc16 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(**@2t ]Ɋ& !X2t F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6aef27d6-96d8-452c-b9f4-9e3faed6cc16 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c@**@2t ]Ɋ& !X2t F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6aef27d6-96d8-452c-b9f4-9e3faed6cc16 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=217@**82t ]Ɋ& !X2t F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6aef27d6-96d8-452c-b9f4-9e3faed6cc16 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ted8**82t ]Ɋ& !X2t F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6aef27d6-96d8-452c-b9f4-9e3faed6cc16 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tNa8**82t ]Ɋ& !X2t F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6aef27d6-96d8-452c-b9f4-9e3faed6cc16 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ge8**2t ]Ɋ& !2t F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6aef27d6-96d8-452c-b9f4-9e3faed6cc16 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=7d7cd602-5743-479d-b707-25159e32800b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=al**Ȱt ]Ɋ& !Ȱt F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6aef27d6-96d8-452c-b9f4-9e3faed6cc16 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=7d7cd602-5743-479d-b707-25159e32800b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=432N**Xzt ]Ɋ& !Xzt F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=59acfbf3-c8ee-4b1b-bbf4-7ea261fed6bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=EX**pzt ]Ɋ& !Xzt F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=59acfbf3-c8ee-4b1b-bbf4-7ea261fed6bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cp**pzt ]Ɋ& !Xzt F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=59acfbf3-c8ee-4b1b-bbf4-7ea261fed6bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=pnsoleHost  ]Ɋ& c-Xzt F&n=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnkB4ޔxMu=VysMc&&**h zt ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! K!Xzt F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=59acfbf3-c8ee-4b1b-bbf4-7ea261fed6bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h **hzt ]Ɋ& !Xzt F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=59acfbf3-c8ee-4b1b-bbf4-7ea261fed6bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leSh**hzt ]Ɋ& !Xzt F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=59acfbf3-c8ee-4b1b-bbf4-7ea261fed6bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Ch**zt ]Ɋ&  !zt F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=59acfbf3-c8ee-4b1b-bbf4-7ea261fed6bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a00fcba0-7e49-4621-b512-2845203e1e4e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-**"t ]Ɋ& !"t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=59acfbf3-c8ee-4b1b-bbf4-7ea261fed6bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a00fcba0-7e49-4621-b512-2845203e1e4e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Inst**t ]Ɋ& '!Xt F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=76c40244-bb23-47c8-b2e4-f6e5d78bd428 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=,**t ]Ɋ& ?!Xt F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=76c40244-bb23-47c8-b2e4-f6e5d78bd428 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**t ]Ɋ& ;!Xt F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=76c40244-bb23-47c8-b2e4-f6e5d78bd428 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nab**t ]Ɋ& 3!Xt F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=76c40244-bb23-47c8-b2e4-f6e5d78bd428 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**t ]Ɋ& 3!Xt F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=76c40244-bb23-47c8-b2e4-f6e5d78bd428 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ble**t ]Ɋ& 5!Xt F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=76c40244-bb23-47c8-b2e4-f6e5d78bd428 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ab**0t ]Ɋ& !t F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=76c40244-bb23-47c8-b2e4-f6e5d78bd428 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4c61c41c-55a3-49a9-90f1-20a0c2748f55 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ns0**@ODt ]Ɋ& !ODt F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=76c40244-bb23-47c8-b2e4-f6e5d78bd428 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4c61c41c-55a3-49a9-90f1-20a0c2748f55 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=vide@**DQ,w ]Ɋ& )!XDQ,w F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=14a66fac-8c63-418d-a021-bab8b187850c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**DQ,w ]Ɋ& A!XDQ,w F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=14a66fac-8c63-418d-a021-bab8b187850c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Line**DQ,w ]Ɋ& =!XDQ,w F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=14a66fac-8c63-418d-a021-bab8b187850c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mm**DQ,w ]Ɋ& 5!XDQ,w F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=14a66fac-8c63-418d-a021-bab8b187850c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g **DQ,w ]Ɋ& 5!XDQ,w F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=14a66fac-8c63-418d-a021-bab8b187850c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Na**DQ,w ]Ɋ& 7!XDQ,w F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=14a66fac-8c63-418d-a021-bab8b187850c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**0DQ,w ]Ɋ& !DQ,w F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=14a66fac-8c63-418d-a021-bab8b187850c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=dcb1336a-2fd1-4695-9baf-c8d8bf56f316 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=30**@uR,w ]Ɋ& !uR,w F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=14a66fac-8c63-418d-a021-bab8b187850c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=dcb1336a-2fd1-4695-9baf-c8d8bf56f316 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=C@**XuR,w ]Ɋ& !XuR,w F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b156effa-c328-4339-9c11-3de07a156a06 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=artX**puR,w ]Ɋ& !XuR,w F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b156effa-c328-4339-9c11-3de07a156a06 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceNp**huR,w ]Ɋ& !XuR,w F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b156effa-c328-4339-9c11-3de07a156a06 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oh**`uR,w ]Ɋ& !XuR,w F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b156effa-c328-4339-9c11-3de07a156a06 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o`**`uR,w ]Ɋ& !XuR,w F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b156effa-c328-4339-9c11-3de07a156a06 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s`**huR,w ]Ɋ& !XuR,w F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b156effa-c328-4339-9c11-3de07a156a06 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 h**uR,w ]Ɋ&  !uR,w F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b156effa-c328-4339-9c11-3de07a156a06 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ab90d914-50d8-446d-b01e-9ef9dfd9f570 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ppli**S,w ]Ɋ& !S,w F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b156effa-c328-4339-9c11-3de07a156a06 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ab90d914-50d8-446d-b01e-9ef9dfd9f570 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**8S,w ]Ɋ& !XS,w F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=20211342-3f39-4185-a292-39704ff0338e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e-8**PS,w ]Ɋ& !XS,w F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=20211342-3f39-4185-a292-39704ff0338e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=06P**PS,w ]Ɋ& !XS,w F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=20211342-3f39-4185-a292-39704ff0338e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HP**HS,w ]Ɋ& !XS,w F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=20211342-3f39-4185-a292-39704ff0338e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tVerH**HS,w ]Ɋ& !XS,w F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=20211342-3f39-4185-a292-39704ff0338e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leHoH**HS,w ]Ɋ& !XS,w F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=20211342-3f39-4185-a292-39704ff0338e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stNH**S,w ]Ɋ& !S,w F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=20211342-3f39-4185-a292-39704ff0338e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b28c12da-c5f7-4b2e-9ed7-3c022ed98690 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rsi**S,w ]Ɋ& !S,w F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=20211342-3f39-4185-a292-39704ff0338e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b28c12da-c5f7-4b2e-9ed7-3c022ed98690 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**XS,w ]Ɋ& !XS,w F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=23138ce0-dd06-4162-9719-f5695fbc3dda HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SX**pS,w ]Ɋ& !XS,w F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=23138ce0-dd06-4162-9719-f5695fbc3dda HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2p**hS,w ]Ɋ& !XS,w F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=23138ce0-dd06-4162-9719-f5695fbc3dda HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=meh**`S,w ]Ɋ& !XS,w F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=23138ce0-dd06-4162-9719-f5695fbc3dda HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| `**`S,w ]Ɋ& !XS,w F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=23138ce0-dd06-4162-9719-f5695fbc3dda HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ll`**`S,w ]Ɋ& !XS,w F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=23138ce0-dd06-4162-9719-f5695fbc3dda HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**S,w ]Ɋ& !S,w F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=23138ce0-dd06-4162-9719-f5695fbc3dda HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3ad77100-439c-44e1-be79-dc5c8673ab3c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**S,w ]Ɋ& !S,w F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=23138ce0-dd06-4162-9719-f5695fbc3dda HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3ad77100-439c-44e1-be79-dc5c8673ab3c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uen**(S,w ]Ɋ& !XS,w F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f35103a1-e2e3-4384-aa25-bd9f01cd680f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t(**@S,w ]Ɋ& !XS,w F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f35103a1-e2e3-4384-aa25-bd9f01cd680f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@S,w ]Ɋ& !XS,w F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f35103a1-e2e3-4384-aa25-bd9f01cd680f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mma@**8S,w ]Ɋ& !XS,w F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f35103a1-e2e3-4384-aa25-bd9f01cd680f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=liz8**8S,w ]Ɋ& !XS,w F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f35103a1-e2e3-4384-aa25-bd9f01cd680f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nin8**8S,w ]Ɋ& !XS,w F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f35103a1-e2e3-4384-aa25-bd9f01cd680f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8F& ElfChnk @:XY hMu=VysMc&&** S,w ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! m!S,w F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f35103a1-e2e3-4384-aa25-bd9f01cd680f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=f37ccaf2-a05f-45b8-a790-3e19b1d33304 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sio **?T,w ]Ɋ& !?T,w F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f35103a1-e2e3-4384-aa25-bd9f01cd680f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=f37ccaf2-a05f-45b8-a790-3e19b1d33304 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izat**Xy V,w ]Ɋ& !Xy V,w F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f6519d64-38a8-4f03-8780-8ec409714f9c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=GX**py V,w ]Ɋ& !Xy V,w F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f6519d64-38a8-4f03-8780-8ec409714f9c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bp**py V,w ]Ɋ& !Xy V,w F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f6519d64-38a8-4f03-8780-8ec409714f9c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=opep**hy V,w ]Ɋ& !Xy V,w F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f6519d64-38a8-4f03-8780-8ec409714f9c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ltuh**hy V,w ]Ɋ& !Xy V,w F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f6519d64-38a8-4f03-8780-8ec409714f9c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5 |h**hy V,w ]Ɋ& !Xy V,w F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f6519d64-38a8-4f03-8780-8ec409714f9c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Idh**y V,w ]Ɋ&  !y V,w F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f6519d64-38a8-4f03-8780-8ec409714f9c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8e60718f-1849-46af-9a93-1f8f2463bbcd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**y V,w ]Ɋ& !y V,w F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f6519d64-38a8-4f03-8780-8ec409714f9c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8e60718f-1849-46af-9a93-1f8f2463bbcd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**V,w ]Ɋ& '!XV,w F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ee09d0b2-9df5-43b4-a32a-177fc9a1a84a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g**V,w ]Ɋ& ?!XV,w F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ee09d0b2-9df5-43b4-a32a-177fc9a1a84a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**V,w ]Ɋ& ;!XV,w F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ee09d0b2-9df5-43b4-a32a-177fc9a1a84a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**V,w ]Ɋ& 3!XV,w F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ee09d0b2-9df5-43b4-a32a-177fc9a1a84a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=p**V,w ]Ɋ& 3!XV,w F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ee09d0b2-9df5-43b4-a32a-177fc9a1a84a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**V,w ]Ɋ& 5!XV,w F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ee09d0b2-9df5-43b4-a32a-177fc9a1a84a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l **0V,w ]Ɋ& !V,w F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ee09d0b2-9df5-43b4-a32a-177fc9a1a84a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=52c69eb9-08a4-431c-9d8a-20b031676c0c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=la0**@:W,w ]Ɋ& !:W,w F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ee09d0b2-9df5-43b4-a32a-177fc9a1a84a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=52c69eb9-08a4-431c-9d8a-20b031676c0c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng -@**y ]Ɋ& )!Xy F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b0b5bcb7-c535-4015-8a9b-3dc3b3f28ab1 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e -N**y ]Ɋ& A!Xy F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b0b5bcb7-c535-4015-8a9b-3dc3b3f28ab1 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=39-9**y ]Ɋ& =!Xy F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b0b5bcb7-c535-4015-8a9b-3dc3b3f28ab1 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**y ]Ɋ& 5!Xy F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b0b5bcb7-c535-4015-8a9b-3dc3b3f28ab1 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**y ]Ɋ& 5!Xy F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b0b5bcb7-c535-4015-8a9b-3dc3b3f28ab1 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**y ]Ɋ& 7!Xy F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b0b5bcb7-c535-4015-8a9b-3dc3b3f28ab1 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s**0y ]Ɋ& !y F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b0b5bcb7-c535-4015-8a9b-3dc3b3f28ab1 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ad974137-6c03-4d4c-ae54-f362de019d5e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d0**@¬y ]Ɋ& !¬y F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b0b5bcb7-c535-4015-8a9b-3dc3b3f28ab1 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ad974137-6c03-4d4c-ae54-f362de019d5e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pel@**XS[y ]Ɋ& !XS[y F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f1bd204f-f143-4c16-a42d-0596b0c9f284 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RX**pS[y ]Ɋ& !XS[y F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f1bd204f-f143-4c16-a42d-0596b0c9f284 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ersp**hS[y ]Ɋ& !XS[y F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f1bd204f-f143-4c16-a42d-0596b0c9f284 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ph**`S[y ]Ɋ& !XS[y F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f1bd204f-f143-4c16-a42d-0596b0c9f284 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P`**`S[y ]Ɋ& !XS[y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f1bd204f-f143-4c16-a42d-0596b0c9f284 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**hS[y ]Ɋ& !XS[y F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f1bd204f-f143-4c16-a42d-0596b0c9f284 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== h**S[y ]Ɋ&  !S[y F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f1bd204f-f143-4c16-a42d-0596b0c9f284 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a6e4cdd3-9e2a-426e-a9e8-5fe2748ab961 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Line**S[y ]Ɋ& !S[y F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f1bd204f-f143-4c16-a42d-0596b0c9f284 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a6e4cdd3-9e2a-426e-a9e8-5fe2748ab961 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**8y ]Ɋ& !Xy F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=05fccd97-b156-4249-807a-f09a2d3f32f6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pt8**Py ]Ɋ& !Xy F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=05fccd97-b156-4249-807a-f09a2d3f32f6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ipP**Py ]Ɋ& !Xy F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=05fccd97-b156-4249-807a-f09a2d3f32f6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=CommP**Hy ]Ɋ& !Xy F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=05fccd97-b156-4249-807a-f09a2d3f32f6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CH**Hy ]Ɋ& !Xy F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=05fccd97-b156-4249-807a-f09a2d3f32f6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= PipH**Hy ]Ɋ& !Xy F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=05fccd97-b156-4249-807a-f09a2d3f32f6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nspH**y ]Ɋ& !y F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=05fccd97-b156-4249-807a-f09a2d3f32f6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2b1d7870-1224-4341-876d-db06063ca749 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm**y ]Ɋ& !y F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=05fccd97-b156-4249-807a-f09a2d3f32f6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2b1d7870-1224-4341-876d-db06063ca749 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**X%y ]Ɋ& !X%y F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=07c7cfd9-8abf-498e-8985-65cd313b36fc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceIdX**p%y ]Ɋ& !X%y F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=07c7cfd9-8abf-498e-8985-65cd313b36fc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=obalp**h%y ]Ɋ& !X%y F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=07c7cfd9-8abf-498e-8985-65cd313b36fc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=x h**`%y ]Ɋ& !X%y F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=07c7cfd9-8abf-498e-8985-65cd313b36fc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on`**`%y ]Ɋ& !X%y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=07c7cfd9-8abf-498e-8985-65cd313b36fc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`%y ]Ɋ& !X%y F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=07c7cfd9-8abf-498e-8985-65cd313b36fc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`** %y ]Ɋ& !%y  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=07c7cfd9-8abf-498e-8985-65cd313b36fc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4d8ba8aa-a2c8-4ce8-8c11-6ecf5e4a928d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m** %y ]Ɋ& !%y  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=07c7cfd9-8abf-498e-8985-65cd313b36fc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4d8ba8aa-a2c8-4ce8-8c11-6ecf5e4a928d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= EnneVersion=  ]Ɋ& maX%y  F&ndPath= CommandLine=8F& ElfChnk ; ;׶?wMu=VysMc&&**0 %y ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X%y  F&F%g>9{p(xlMD EventDatauoData !Binary\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2c2537ba-9b08-4cd9-a447-6dde0a7d3952 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0 **@ %y ]Ɋ& !X%y  F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2c2537ba-9b08-4cd9-a447-6dde0a7d3952 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P@**@ %y ]Ɋ& !X%y  F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2c2537ba-9b08-4cd9-a447-6dde0a7d3952 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lue@**8%y ]Ɋ& !X%y F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2c2537ba-9b08-4cd9-a447-6dde0a7d3952 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndo8**8%y ]Ɋ& !X%y F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2c2537ba-9b08-4cd9-a447-6dde0a7d3952 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c 8**8%y ]Ɋ& !X%y F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2c2537ba-9b08-4cd9-a447-6dde0a7d3952 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er8**%y ]Ɋ& !%y F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2c2537ba-9b08-4cd9-a447-6dde0a7d3952 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=a1876e64-a70d-4c5d-957d-a5ce70fcf176 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=y V**y ]Ɋ& !y F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2c2537ba-9b08-4cd9-a447-6dde0a7d3952 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=a1876e64-a70d-4c5d-957d-a5ce70fcf176 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **Xqy ]Ɋ& !Xqy F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7d54fd21-0174-4635-b963-524798037c61 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pX**pqy ]Ɋ& !Xqy F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7d54fd21-0174-4635-b963-524798037c61 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**pqy ]Ɋ& !Xqy F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7d54fd21-0174-4635-b963-524798037c61 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rinp**hqy ]Ɋ& !Xqy F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7d54fd21-0174-4635-b963-524798037c61 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**hqy ]Ɋ& !Xqy F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7d54fd21-0174-4635-b963-524798037c61 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ipth**hqy ]Ɋ& !Xqy F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7d54fd21-0174-4635-b963-524798037c61 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**qy ]Ɋ&  !qy F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7d54fd21-0174-4635-b963-524798037c61 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8c44effb-6343-419d-ba09-648cad7b21df PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eg** y ]Ɋ& ! y F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7d54fd21-0174-4635-b963-524798037c61 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8c44effb-6343-419d-ba09-648cad7b21df PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0b2-** y ]Ɋ& '!X y F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3fd5eac7-5530-4d7a-ae38-fc2e84e4afc5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==** y ]Ɋ& ?!X y F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3fd5eac7-5530-4d7a-ae38-fc2e84e4afc5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a** y ]Ɋ& ;!X y F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3fd5eac7-5530-4d7a-ae38-fc2e84e4afc5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d ** y ]Ɋ& 3!X y F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3fd5eac7-5530-4d7a-ae38-fc2e84e4afc5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=neI** y ]Ɋ& 3!X y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3fd5eac7-5530-4d7a-ae38-fc2e84e4afc5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **  y ]Ɋ& 5!X y  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3fd5eac7-5530-4d7a-ae38-fc2e84e4afc5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma**0! y ]Ɋ& ! y! F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3fd5eac7-5530-4d7a-ae38-fc2e84e4afc5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=dc368971-728f-40dc-8c2b-2aced580cf68 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=si0**@"4Qy ]Ɋ& !4Qy" F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3fd5eac7-5530-4d7a-ae38-fc2e84e4afc5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=dc368971-728f-40dc-8c2b-2aced580cf68 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand@**#0\{ ]Ɋ& )!X0\{# F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a7ec97f2-752c-4999-93ed-43bc1df07ae1 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eng**$0\{ ]Ɋ& A!X0\{$ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a7ec97f2-752c-4999-93ed-43bc1df07ae1 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oduc**%0\{ ]Ɋ& =!X0\{% F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a7ec97f2-752c-4999-93ed-43bc1df07ae1 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mI**&0\{ ]Ɋ& 5!X0\{& F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a7ec97f2-752c-4999-93ed-43bc1df07ae1 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-f**'0\{ ]Ɋ& 5!X0\{' F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a7ec97f2-752c-4999-93ed-43bc1df07ae1 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=**(0\{ ]Ɋ& 7!X0\{( F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a7ec97f2-752c-4999-93ed-43bc1df07ae1 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v**0)0\{ ]Ɋ& !0\{) F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a7ec97f2-752c-4999-93ed-43bc1df07ae1 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=88865b75-bf59-4d41-a329-e14f6594ec37 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@*]^{ ]Ɋ& !]^{* F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a7ec97f2-752c-4999-93ed-43bc1df07ae1 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=88865b75-bf59-4d41-a329-e14f6594ec37 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**X+]^{ ]Ɋ& !X]^{+ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bb94d6d8-3971-4895-951a-a5918379cde5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= X**p,]^{ ]Ɋ& !X]^{, F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bb94d6d8-3971-4895-951a-a5918379cde5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h-]^{ ]Ɋ& !X]^{- F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bb94d6d8-3971-4895-951a-a5918379cde5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`.]^{ ]Ɋ& !X]^{. F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bb94d6d8-3971-4895-951a-a5918379cde5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`/]^{ ]Ɋ& !X]^{/ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bb94d6d8-3971-4895-951a-a5918379cde5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h0]^{ ]Ɋ& !X]^{0 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bb94d6d8-3971-4895-951a-a5918379cde5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**1]^{ ]Ɋ&  !]^{1 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bb94d6d8-3971-4895-951a-a5918379cde5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=105f752a-53e5-4840-afec-853ec74914f3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=None**2]^{ ]Ɋ& !]^{2 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bb94d6d8-3971-4895-951a-a5918379cde5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=105f752a-53e5-4840-afec-853ec74914f3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=**83]^{ ]Ɋ& !X]^{3 F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=62fb7903-0862-4578-9dbe-9112edc46b81 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P4]^{ ]Ɋ& !X]^{4 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=62fb7903-0862-4578-9dbe-9112edc46b81 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P5]^{ ]Ɋ& !X]^{5 F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=62fb7903-0862-4578-9dbe-9112edc46b81 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**H6]^{ ]Ɋ& !X]^{6 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=62fb7903-0862-4578-9dbe-9112edc46b81 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H7]^{ ]Ɋ& !X]^{7 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=62fb7903-0862-4578-9dbe-9112edc46b81 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H8]^{ ]Ɋ& !X]^{8 F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=62fb7903-0862-4578-9dbe-9112edc46b81 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&H**9]^{ ]Ɋ& !]^{9 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=62fb7903-0862-4578-9dbe-9112edc46b81 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2b16f30c-f22b-4246-9598-d2486de9765d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**:^{ ]Ɋ& !^{: F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=62fb7903-0862-4578-9dbe-9112edc46b81 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2b16f30c-f22b-4246-9598-d2486de9765d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X;^{ ]Ɋ& !X^{; F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f10ebc06-7387-469f-82cb-de7280498ec8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mandXne= En ]Ɋ& X^{< F& F&ndPath= CommandLine=8F& ElfChnk<l<l@iIZJPMu=VysMc&&**p<^{ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! Q!X^{< F&F%g>9{p(xlMD EventDatauoData !BinaryEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f10ebc06-7387-469f-82cb-de7280498ec8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ip**h=^{ ]Ɋ& !X^{= F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f10ebc06-7387-469f-82cb-de7280498ec8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o]h**`>^{ ]Ɋ& !X^{> F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f10ebc06-7387-469f-82cb-de7280498ec8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=st`**`?^{ ]Ɋ& !X^{? F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f10ebc06-7387-469f-82cb-de7280498ec8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=37`**`@^{ ]Ɋ& !X^{@ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f10ebc06-7387-469f-82cb-de7280498ec8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**A^{ ]Ɋ& !^{A F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f10ebc06-7387-469f-82cb-de7280498ec8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8f1f74c4-0ac7-4c59-8864-71a655f00c4e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**B^{ ]Ɋ& !^{B F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f10ebc06-7387-469f-82cb-de7280498ec8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8f1f74c4-0ac7-4c59-8864-71a655f00c4e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(C^{ ]Ɋ& !X^{C F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9f221bfa-2305-41c1-8267-36b319714b6c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N(**@D^{ ]Ɋ& !X^{D F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9f221bfa-2305-41c1-8267-36b319714b6c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=I@**@E^{ ]Ɋ& !X^{E F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9f221bfa-2305-41c1-8267-36b319714b6c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sys@**8F^{ ]Ɋ& !X^{F F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9f221bfa-2305-41c1-8267-36b319714b6c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rre8**8G^{ ]Ɋ& !X^{G F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9f221bfa-2305-41c1-8267-36b319714b6c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=App8**8H^{ ]Ɋ& !X^{H F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9f221bfa-2305-41c1-8267-36b319714b6c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=un8**I^{ ]Ɋ& !^{I F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9f221bfa-2305-41c1-8267-36b319714b6c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=2a416026-d6fe-48b4-9aba-261ad02f06b2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&**JF_{ ]Ɋ& !F_{J F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9f221bfa-2305-41c1-8267-36b319714b6c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=2a416026-d6fe-48b4-9aba-261ad02f06b2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=line**XKMa{ ]Ɋ& !XMa{K F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=79d8d07d-7146-4498-a147-e57aa8265b4f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pLMa{ ]Ɋ& !XMa{L F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=79d8d07d-7146-4498-a147-e57aa8265b4f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cp**pMMa{ ]Ɋ& !XMa{M F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=79d8d07d-7146-4498-a147-e57aa8265b4f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dthp**hNMa{ ]Ɋ& !XMa{N F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=79d8d07d-7146-4498-a147-e57aa8265b4f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=aceh**hOMa{ ]Ɋ& !XMa{O F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=79d8d07d-7146-4498-a147-e57aa8265b4f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**hPMa{ ]Ɋ& !XMa{P F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=79d8d07d-7146-4498-a147-e57aa8265b4f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**QMa{ ]Ɋ&  !Ma{Q F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=79d8d07d-7146-4498-a147-e57aa8265b4f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4cccdd02-d48a-40d1-ab9d-71588b58bb20 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **Ra{ ]Ɋ& !a{R F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=79d8d07d-7146-4498-a147-e57aa8265b4f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4cccdd02-d48a-40d1-ab9d-71588b58bb20 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-4d7**Sa{ ]Ɋ& '!Xa{S F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a018d6e9-56ab-4b3a-aa0e-c79761bd078d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7**Ta{ ]Ɋ& ?!Xa{T F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a018d6e9-56ab-4b3a-aa0e-c79761bd078d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**Ua{ ]Ɋ& ;!Xa{U F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a018d6e9-56ab-4b3a-aa0e-c79761bd078d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=que**Va{ ]Ɋ& 3!Xa{V F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a018d6e9-56ab-4b3a-aa0e-c79761bd078d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Com**Wa{ ]Ɋ& 3!Xa{W F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a018d6e9-56ab-4b3a-aa0e-c79761bd078d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=enc**Xa{ ]Ɋ& 5!Xa{X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a018d6e9-56ab-4b3a-aa0e-c79761bd078d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **0Ya{ ]Ɋ& !a{Y F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a018d6e9-56ab-4b3a-aa0e-c79761bd078d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=1de8102d-570a-474b-ba72-6e33359e4b76 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@ZzAb{ ]Ɋ& !zAb{Z F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a018d6e9-56ab-4b3a-aa0e-c79761bd078d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=1de8102d-570a-474b-ba72-6e33359e4b76 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== @**[>~ ]Ɋ& )!X>~[ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a6790fbd-fd6f-46da-8e6f-8108e1b32b94 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ersi**\>~ ]Ɋ& A!X>~\ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a6790fbd-fd6f-46da-8e6f-8108e1b32b94 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl d**]>~ ]Ɋ& =!X>~] F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a6790fbd-fd6f-46da-8e6f-8108e1b32b94 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **^>~ ]Ɋ& 5!X>~^ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a6790fbd-fd6f-46da-8e6f-8108e1b32b94 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=95**_>~ ]Ɋ& 5!X>~_ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a6790fbd-fd6f-46da-8e6f-8108e1b32b94 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**`>~ ]Ɋ& 7!X>~` F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a6790fbd-fd6f-46da-8e6f-8108e1b32b94 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0a>~ ]Ɋ& !>~a F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a6790fbd-fd6f-46da-8e6f-8108e1b32b94 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4ece5161-06f2-4c17-8d0b-f89da5887d2a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v0**@b>~ ]Ɋ& !>~b F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a6790fbd-fd6f-46da-8e6f-8108e1b32b94 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4ece5161-06f2-4c17-8d0b-f89da5887d2a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**Xc>~ ]Ɋ& !X>~c F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=28469f7b-b1ec-4db3-ae0a-11198128db14 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manX**pd>~ ]Ɋ& !X>~d F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=28469f7b-b1ec-4db3-ae0a-11198128db14 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**he>~ ]Ɋ& !X>~e F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=28469f7b-b1ec-4db3-ae0a-11198128db14 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`f>~ ]Ɋ& !X>~f F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=28469f7b-b1ec-4db3-ae0a-11198128db14 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`g>~ ]Ɋ& !X>~g F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=28469f7b-b1ec-4db3-ae0a-11198128db14 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hh>~ ]Ɋ& !X>~h F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=28469f7b-b1ec-4db3-ae0a-11198128db14 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!h**i>~ ]Ɋ&  !>~i F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=28469f7b-b1ec-4db3-ae0a-11198128db14 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bf25d557-7979-4148-a6ed-bde4656eaaee PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wEng**j>~ ]Ɋ& !>~j F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=28469f7b-b1ec-4db3-ae0a-11198128db14 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bf25d557-7979-4148-a6ed-bde4656eaaee PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d **8k>~ ]Ɋ& !X>~k F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=337a3bf0-5a2b-412e-b7e6-e0731cd3b696 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=F8**Pl>~ ]Ɋ& !X>~l F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=337a3bf0-5a2b-412e-b7e6-e0731cd3b696 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=PF& F&ndPath= CommandLine=8F& ElfChnkmm w!SڠMu=VysMc&&**Pm>~ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! 1!X>~m F&F%g>9{p(xlMD EventDatauoData !Binary~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=337a3bf0-5a2b-412e-b7e6-e0731cd3b696 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=CP**Hn>~ ]Ɋ& !X>~n F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=337a3bf0-5a2b-412e-b7e6-e0731cd3b696 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CH**Ho>~ ]Ɋ& !X>~o F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=337a3bf0-5a2b-412e-b7e6-e0731cd3b696 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ScrH**Hp>~ ]Ɋ& !X>~p F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=337a3bf0-5a2b-412e-b7e6-e0731cd3b696 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manH**q>~ ]Ɋ& !>~q F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=337a3bf0-5a2b-412e-b7e6-e0731cd3b696 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=96dfb8c4-af3a-493f-ab11-34691a7f976c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm**rx>~ ]Ɋ& !x>~r F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=337a3bf0-5a2b-412e-b7e6-e0731cd3b696 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=96dfb8c4-af3a-493f-ab11-34691a7f976c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**Xsx>~ ]Ɋ& !Xx>~s F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5af87480-141b-4397-8c92-50d8589bcc94 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=PipeX**ptx>~ ]Ɋ& !Xx>~t F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5af87480-141b-4397-8c92-50d8589bcc94 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-US'p**hux>~ ]Ɋ& !Xx>~u F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5af87480-141b-4397-8c92-50d8589bcc94 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=:Ph**`vx>~ ]Ɋ& !Xx>~v F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5af87480-141b-4397-8c92-50d8589bcc94 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=19`**`wx>~ ]Ɋ& !Xx>~w F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5af87480-141b-4397-8c92-50d8589bcc94 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ta`**`xx>~ ]Ɋ& !Xx>~x F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5af87480-141b-4397-8c92-50d8589bcc94 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**yx>~ ]Ɋ& !x>~y F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5af87480-141b-4397-8c92-50d8589bcc94 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ed031f0e-a4e3-4d0b-9574-a2bc64346938 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**zx>~ ]Ɋ& !x>~z F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5af87480-141b-4397-8c92-50d8589bcc94 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ed031f0e-a4e3-4d0b-9574-a2bc64346938 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C**({x>~ ]Ɋ& !Xx>~{ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a0c3dee8-aa1e-4363-aa26-b72d2faeec20 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0(**@|x>~ ]Ɋ& !Xx>~| F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a0c3dee8-aa1e-4363-aa26-b72d2faeec20 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@}x>~ ]Ɋ& !Xx>~} F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a0c3dee8-aa1e-4363-aa26-b72d2faeec20 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l='@**8~x>~ ]Ɋ& !Xx>~~ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a0c3dee8-aa1e-4363-aa26-b72d2faeec20 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Win8**8x>~ ]Ɋ& !Xx>~ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a0c3dee8-aa1e-4363-aa26-b72d2faeec20 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=C8**8x>~ ]Ɋ& !Xx>~ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a0c3dee8-aa1e-4363-aa26-b72d2faeec20 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**x>~ ]Ɋ& !x>~ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a0c3dee8-aa1e-4363-aa26-b72d2faeec20 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=04900f00-1e78-4f22-a5a4-2db6407688f3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **L>~ ]Ɋ& !L>~ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a0c3dee8-aa1e-4363-aa26-b72d2faeec20 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=04900f00-1e78-4f22-a5a4-2db6407688f3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=)))}**X>~ ]Ɋ& !X>~ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=00ae0b11-1678-4130-96f3-729deaa47203 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**p>~ ]Ɋ& !X>~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=00ae0b11-1678-4130-96f3-729deaa47203 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Up**p>~ ]Ɋ& !X>~ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=00ae0b11-1678-4130-96f3-729deaa47203 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=balp**h>~ ]Ɋ& !X>~ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=00ae0b11-1678-4130-96f3-729deaa47203 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-Sh**h>~ ]Ɋ& !X>~ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=00ae0b11-1678-4130-96f3-729deaa47203 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ginh**h>~ ]Ɋ& !X>~ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=00ae0b11-1678-4130-96f3-729deaa47203 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=peh**>~ ]Ɋ&  !>~ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=00ae0b11-1678-4130-96f3-729deaa47203 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4e16da9f-f1b1-43ef-b449-bf8aa86cba7e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**i>~ ]Ɋ& !i>~ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=00ae0b11-1678-4130-96f3-729deaa47203 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4e16da9f-f1b1-43ef-b449-bf8aa86cba7e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Seq**i>~ ]Ɋ& '!Xi>~ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=986c0dea-8731-41b7-be93-908ffff09fb7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**i>~ ]Ɋ& ?!Xi>~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=986c0dea-8731-41b7-be93-908ffff09fb7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**i>~ ]Ɋ& ;!Xi>~ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=986c0dea-8731-41b7-be93-908ffff09fb7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**i>~ ]Ɋ& 3!Xi>~ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=986c0dea-8731-41b7-be93-908ffff09fb7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, **i>~ ]Ɋ& 3!Xi>~ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=986c0dea-8731-41b7-be93-908ffff09fb7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**i>~ ]Ɋ& 5!Xi>~ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=986c0dea-8731-41b7-be93-908ffff09fb7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| **0i>~ ]Ɋ& !i>~ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=986c0dea-8731-41b7-be93-908ffff09fb7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=d52d6689-2eb9-42bb-b308-a842a55d849f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ou0**@>~ ]Ɋ& !>~ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=986c0dea-8731-41b7-be93-908ffff09fb7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=d52d6689-2eb9-42bb-b308-a842a55d849f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceId@**, ]Ɋ& )!X, F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c65807c6-f1ee-411b-8df3-fb479521f52b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ant**, ]Ɋ& A!X, F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c65807c6-f1ee-411b-8df3-fb479521f52b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=shel**, ]Ɋ& =!X, F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c65807c6-f1ee-411b-8df3-fb479521f52b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI**, ]Ɋ& 5!X, F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c65807c6-f1ee-411b-8df3-fb479521f52b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eq**, ]Ɋ& 5!X, F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c65807c6-f1ee-411b-8df3-fb479521f52b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**, ]Ɋ& 7!X, F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c65807c6-f1ee-411b-8df3-fb479521f52b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0, ]Ɋ& !, F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c65807c6-f1ee-411b-8df3-fb479521f52b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e72aedb9-4f13-4bed-86c9-5e984787e106 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@. ]Ɋ& !. F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c65807c6-f1ee-411b-8df3-fb479521f52b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e72aedb9-4f13-4bed-86c9-5e984787e106 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rip@**X. ]Ɋ& !X. F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cc0fb89a-7c60-46a7-baff-ad3687001174 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eaaX**p. ]Ɋ& !X. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cc0fb89a-7c60-46a7-baff-ad3687001174 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNap**h. ]Ɋ& !X. F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cc0fb89a-7c60-46a7-baff-ad3687001174 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nhype= Scrip ]Ɋ& X. F&dLine=8F& ElfChnk(] @jR-Mu=VysMc&&**h. ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! G!X. F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cc0fb89a-7c60-46a7-baff-ad3687001174 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`. ]Ɋ& !X. F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cc0fb89a-7c60-46a7-baff-ad3687001174 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h. ]Ɋ& !X. F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cc0fb89a-7c60-46a7-baff-ad3687001174 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**. ]Ɋ&  !. F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cc0fb89a-7c60-46a7-baff-ad3687001174 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=aa6bd082-e125-4763-8c79-d6142a234617 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**. ]Ɋ& !. F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cc0fb89a-7c60-46a7-baff-ad3687001174 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=aa6bd082-e125-4763-8c79-d6142a234617 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**8. ]Ɋ& !X. F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c7ae483d-1208-4344-9fd4-13836a9da5d7 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P. ]Ɋ& !X. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c7ae483d-1208-4344-9fd4-13836a9da5d7 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P. ]Ɋ& !X. F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c7ae483d-1208-4344-9fd4-13836a9da5d7 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**H. ]Ɋ& !X. F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c7ae483d-1208-4344-9fd4-13836a9da5d7 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H. ]Ɋ& !X. F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c7ae483d-1208-4344-9fd4-13836a9da5d7 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=~H**H. ]Ɋ& !X. F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c7ae483d-1208-4344-9fd4-13836a9da5d7 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**H**. ]Ɋ& !. F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c7ae483d-1208-4344-9fd4-13836a9da5d7 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b50ef4c7-f5d2-47fd-869b-4ef2baa49d60 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**. ]Ɋ& !. F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c7ae483d-1208-4344-9fd4-13836a9da5d7 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b50ef4c7-f5d2-47fd-869b-4ef2baa49d60 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X. ]Ɋ& !X. F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=42916cce-c9ae-4d1f-a815-3df81089e841 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmanX**p. ]Ɋ& !X. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=42916cce-c9ae-4d1f-a815-3df81089e841 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ep**h. ]Ɋ& !X. F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=42916cce-c9ae-4d1f-a815-3df81089e841 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Glh**`. ]Ɋ& !X. F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=42916cce-c9ae-4d1f-a815-3df81089e841 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-H`**`. ]Ɋ& !X. F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=42916cce-c9ae-4d1f-a815-3df81089e841 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er`**`. ]Ɋ& !X. F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=42916cce-c9ae-4d1f-a815-3df81089e841 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t`**. ]Ɋ& !. F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=42916cce-c9ae-4d1f-a815-3df81089e841 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=50cd2fd6-cf71-47b8-9ca5-9ad99258e0a2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**. ]Ɋ& !. F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=42916cce-c9ae-4d1f-a815-3df81089e841 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=50cd2fd6-cf71-47b8-9ca5-9ad99258e0a2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co**(1?/ ]Ɋ& !X1?/ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8c507057-73f4-42cc-84a4-a50910a9cfe4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@1?/ ]Ɋ& !X1?/ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8c507057-73f4-42cc-84a4-a50910a9cfe4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-@**@1?/ ]Ɋ& !X1?/ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8c507057-73f4-42cc-84a4-a50910a9cfe4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ins@**81?/ ]Ɋ& !X1?/ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8c507057-73f4-42cc-84a4-a50910a9cfe4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ode8**81?/ ]Ɋ& !X1?/ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8c507057-73f4-42cc-84a4-a50910a9cfe4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=96f8**81?/ ]Ɋ& !X1?/ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8c507057-73f4-42cc-84a4-a50910a9cfe4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S8**1?/ ]Ɋ& !1?/ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8c507057-73f4-42cc-84a4-a50910a9cfe4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=dac50da7-8a04-417d-a98c-b8ebd0610175 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**/ ]Ɋ& !/ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8c507057-73f4-42cc-84a4-a50910a9cfe4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=dac50da7-8a04-417d-a98c-b8ebd0610175 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on= **X!:2 ]Ɋ& !X!:2 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3ec120cf-452f-44c9-ad20-eac83a402108 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**p!:2 ]Ɋ& !X!:2 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3ec120cf-452f-44c9-ad20-eac83a402108 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rp**p!:2 ]Ɋ& !X!:2 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3ec120cf-452f-44c9-ad20-eac83a402108 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tedp**h!:2 ]Ɋ& !X!:2 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3ec120cf-452f-44c9-ad20-eac83a402108 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eh**h!:2 ]Ɋ& !X!:2 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3ec120cf-452f-44c9-ad20-eac83a402108 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmah**h!:2 ]Ɋ& !X!:2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3ec120cf-452f-44c9-ad20-eac83a402108 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**!:2 ]Ɋ&  !!:2 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3ec120cf-452f-44c9-ad20-eac83a402108 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4082d5c2-0769-4db3-bcd5-6467f83a17c6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **!:2 ]Ɋ& !!:2 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3ec120cf-452f-44c9-ad20-eac83a402108 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4082d5c2-0769-4db3-bcd5-6467f83a17c6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 **2 ]Ɋ& '!X2 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1aada12d-5a0c-480e-b37e-df7c754c2fde HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**2 ]Ɋ& ?!X2 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1aada12d-5a0c-480e-b37e-df7c754c2fde HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b**2 ]Ɋ& ;!X2 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1aada12d-5a0c-480e-b37e-df7c754c2fde HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ide**2 ]Ɋ& 3!X2 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1aada12d-5a0c-480e-b37e-df7c754c2fde HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pac**2 ]Ɋ& 3!X2 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1aada12d-5a0c-480e-b37e-df7c754c2fde HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erS**2 ]Ɋ& 5!X2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1aada12d-5a0c-480e-b37e-df7c754c2fde HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ip**02 ]Ɋ& !2 F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1aada12d-5a0c-480e-b37e-df7c754c2fde HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=93bc040e-0a29-43ef-afce-95fe2f630a90 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=le0**@Nk3 ]Ɋ& !Nk3 F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1aada12d-5a0c-480e-b37e-df7c754c2fde HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=93bc040e-0a29-43ef-afce-95fe2f630a90 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mman@**߸ ]Ɋ& )!X߸ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f76c64d3-cc6f-4032-8a59-bdf7e04951a6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g -w**߸ ]Ɋ& A!X߸ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f76c64d3-cc6f-4032-8a59-bdf7e04951a6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**߸ ]Ɋ& =!X߸ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f76c64d3-cc6f-4032-8a59-bdf7e04951a6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=owshell Get-Ci ]Ɋ& sNX߸ F&playName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nhype= Scrip ]Ɋ& X. F&dLine=8F& ElfChnkps̍n_Mu=VysMc&&**߸ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X߸ F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f76c64d3-cc6f-4032-8a59-bdf7e04951a6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **߸ ]Ɋ& 5!X߸ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f76c64d3-cc6f-4032-8a59-bdf7e04951a6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 6**߸ ]Ɋ& 7!X߸ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f76c64d3-cc6f-4032-8a59-bdf7e04951a6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**0߸ ]Ɋ& !߸ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f76c64d3-cc6f-4032-8a59-bdf7e04951a6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=412df729-fc49-4542-a76a-716020572405 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@uQ ]Ɋ& !uQ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f76c64d3-cc6f-4032-8a59-bdf7e04951a6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=412df729-fc49-4542-a76a-716020572405 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=011@**XuQ ]Ɋ& !XuQ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1897cb87-bd1a-4862-8bc4-874bdd98f3ec HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=HosX**puQ ]Ɋ& !XuQ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1897cb87-bd1a-4862-8bc4-874bdd98f3ec HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=120p**huQ ]Ɋ& !XuQ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1897cb87-bd1a-4862-8bc4-874bdd98f3ec HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3h**`uQ ]Ɋ& !XuQ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1897cb87-bd1a-4862-8bc4-874bdd98f3ec HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`uQ ]Ɋ& !XuQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1897cb87-bd1a-4862-8bc4-874bdd98f3ec HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a`**huQ ]Ɋ& !XuQ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1897cb87-bd1a-4862-8bc4-874bdd98f3ec HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=hellh**uQ ]Ɋ&  !uQ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1897cb87-bd1a-4862-8bc4-874bdd98f3ec HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=95d858e5-6672-4889-ba40-cc59f2f29d62 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rusS**  ]Ɋ& !  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1897cb87-bd1a-4862-8bc4-874bdd98f3ec HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=95d858e5-6672-4889-ba40-cc59f2f29d62 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Up**8  ]Ɋ& !X  F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b8667f50-cf34-44a6-af26-9cb6a38e59fc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t\8**P  ]Ɋ& !X  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b8667f50-cf34-44a6-af26-9cb6a38e59fc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t P**P  ]Ɋ& !X  F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b8667f50-cf34-44a6-af26-9cb6a38e59fc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ell P**H  ]Ɋ& !X  F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b8667f50-cf34-44a6-af26-9cb6a38e59fc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tionH**H  ]Ɋ& !X  F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b8667f50-cf34-44a6-af26-9cb6a38e59fc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HosH**H  ]Ɋ& !X  F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b8667f50-cf34-44a6-af26-9cb6a38e59fc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f81H**  ]Ɋ& !  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b8667f50-cf34-44a6-af26-9cb6a38e59fc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fe27569d-b370-4194-91ce-8651c59b59b9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=p**  ]Ɋ& !  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b8667f50-cf34-44a6-af26-9cb6a38e59fc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fe27569d-b370-4194-91ce-8651c59b59b9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s**X  ]Ɋ& !X  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1d862228-c20c-4f87-aabb-e3217536a7f5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8c50X**p  ]Ɋ& !X  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1d862228-c20c-4f87-aabb-e3217536a7f5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ent p**h  ]Ɋ& !X  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1d862228-c20c-4f87-aabb-e3217536a7f5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`  ]Ɋ& !X  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1d862228-c20c-4f87-aabb-e3217536a7f5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Co`**`  ]Ɋ& !X  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1d862228-c20c-4f87-aabb-e3217536a7f5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-U`**`  ]Ɋ& !X  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1d862228-c20c-4f87-aabb-e3217536a7f5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=:`**  ]Ɋ& !  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1d862228-c20c-4f87-aabb-e3217536a7f5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=975818ef-b3eb-4ab2-b556-53c23a1b5f15 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1d862228-c20c-4f87-aabb-e3217536a7f5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=975818ef-b3eb-4ab2-b556-53c23a1b5f15 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=057**( ]Ɋ& !X F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1dccc054-a419-487e-a07b-9e9ae3eb5076 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(**@ ]Ɋ& !X F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1dccc054-a419-487e-a07b-9e9ae3eb5076 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t@**@ ]Ɋ& !X F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1dccc054-a419-487e-a07b-9e9ae3eb5076 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**8 ]Ɋ& !X F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1dccc054-a419-487e-a07b-9e9ae3eb5076 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Str8**8 ]Ɋ& !X F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1dccc054-a419-487e-a07b-9e9ae3eb5076 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=';e8**8 ]Ɋ& !X F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1dccc054-a419-487e-a07b-9e9ae3eb5076 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io8** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1dccc054-a419-487e-a07b-9e9ae3eb5076 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=030753e7-4b55-4bf3-9742-6b99d59bd179 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d2**9 ]Ɋ& !9 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1dccc054-a419-487e-a07b-9e9ae3eb5076 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=030753e7-4b55-4bf3-9742-6b99d59bd179 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tate**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0bb6a41c-6c34-463d-8fe6-3c22630ac7f2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uX**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0bb6a41c-6c34-463d-8fe6-3c22630ac7f2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ap**p ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0bb6a41c-6c34-463d-8fe6-3c22630ac7f2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0bb6a41c-6c34-463d-8fe6-3c22630ac7f2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt h**h ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0bb6a41c-6c34-463d-8fe6-3c22630ac7f2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nsoh**h ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0bb6a41c-6c34-463d-8fe6-3c22630ac7f2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2fh** ]Ɋ&  ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0bb6a41c-6c34-463d-8fe6-3c22630ac7f2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=465a2ac9-9438-46c9-a53d-ad79b924a1cf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**} ]Ɋ& !} F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0bb6a41c-6c34-463d-8fe6-3c22630ac7f2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=465a2ac9-9438-46c9-a53d-ad79b924a1cf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=alue**} ]Ɋ& '!X} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=20d3a563-cc55-494a-b3db-ce6c00b24fef HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**} ]Ɋ& ?!X} F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=20d3a563-cc55-494a-b3db-ce6c00b24fef HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**} ]Ɋ& ;!X} F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=20d3a563-cc55-494a-b3db-ce6c00b24fef HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=neI**} ]Ɋ& 3!X} F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=20d3a563-cc55-494a-b3db-ce6c00b24fef HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Staed Seque ]Ɋ& ioX} F&4032-8a59-bdf7e04951a6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=owshell Get-Ci ]Ɋ& sNX߸ F&playName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nhype= Scrip ]Ɋ& X. F&dLine=8F& ElfChnk00Hӡ7Mu=VysMc&&** } ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X} F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=20d3a563-cc55-494a-b3db-ce6c00b24fef HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **} ]Ɋ& 5!X} F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=20d3a563-cc55-494a-b3db-ce6c00b24fef HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=߸**0} ]Ɋ& !} F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=20d3a563-cc55-494a-b3db-ce6c00b24fef HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=482ca8de-0cdd-4a6e-8acd-4b7d30d9c36d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a50**@) ]Ɋ& !) F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=20d3a563-cc55-494a-b3db-ce6c00b24fef HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=482ca8de-0cdd-4a6e-8acd-4b7d30d9c36d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co@**sCQ ]Ɋ& )!XsCQ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3ce11ab9-6f93-46cc-8101-fcf4996977e2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on= **sCQ ]Ɋ& A!XsCQ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3ce11ab9-6f93-46cc-8101-fcf4996977e2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=play**sCQ ]Ɋ& =!XsCQ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3ce11ab9-6f93-46cc-8101-fcf4996977e2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= r**sCQ ]Ɋ& 5!XsCQ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3ce11ab9-6f93-46cc-8101-fcf4996977e2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dd**sCQ ]Ɋ& 5!XsCQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3ce11ab9-6f93-46cc-8101-fcf4996977e2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ns**sCQ ]Ɋ& 7!XsCQ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3ce11ab9-6f93-46cc-8101-fcf4996977e2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b**0 sCQ ]Ɋ& !sCQ  F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3ce11ab9-6f93-46cc-8101-fcf4996977e2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e9aae743-7f84-4520-99db-ab788357ecc1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@ \DQ ]Ɋ& ! \DQ  F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3ce11ab9-6f93-46cc-8101-fcf4996977e2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e9aae743-7f84-4520-99db-ab788357ecc1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**@**X DQ ]Ɋ& !XDQ  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=43994c39-e2ac-4592-af01-56c995afaf6c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&X**p DQ ]Ɋ& !XDQ  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=43994c39-e2ac-4592-af01-56c995afaf6c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h DQ ]Ɋ& !XDQ  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=43994c39-e2ac-4592-af01-56c995afaf6c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`DQ ]Ɋ& !XDQ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=43994c39-e2ac-4592-af01-56c995afaf6c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`DQ ]Ɋ& !XDQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=43994c39-e2ac-4592-af01-56c995afaf6c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**hDQ ]Ɋ& !XDQ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=43994c39-e2ac-4592-af01-56c995afaf6c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Fh**DQ ]Ɋ&  !DQ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=43994c39-e2ac-4592-af01-56c995afaf6c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7c06fa5c-f249-42d4-b7d9-f6e65e0b2e95 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oppe**DQ ]Ɋ& !DQ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=43994c39-e2ac-4592-af01-56c995afaf6c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7c06fa5c-f249-42d4-b7d9-f6e65e0b2e95 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=de**8DQ ]Ɋ& !XDQ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=38335796-669c-4300-ada2-a9d3e6bd5cf4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ro8**PDQ ]Ɋ& !XDQ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=38335796-669c-4300-ada2-a9d3e6bd5cf4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=FP**PDQ ]Ɋ& !XDQ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=38335796-669c-4300-ada2-a9d3e6bd5cf4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**HDQ ]Ɋ& !XDQ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=38335796-669c-4300-ada2-a9d3e6bd5cf4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!H**HDQ ]Ɋ& !XDQ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=38335796-669c-4300-ada2-a9d3e6bd5cf4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HDQ ]Ɋ& !XDQ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=38335796-669c-4300-ada2-a9d3e6bd5cf4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**DQ ]Ɋ& !DQ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=38335796-669c-4300-ada2-a9d3e6bd5cf4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f5c65ec0-7be0-40c8-8f95-337e5da30c8d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**7EQ ]Ɋ& !7EQ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=38335796-669c-4300-ada2-a9d3e6bd5cf4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f5c65ec0-7be0-40c8-8f95-337e5da30c8d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X7EQ ]Ɋ& !X7EQ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9d480e0f-6437-417c-b429-557368b2886a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id= X**p7EQ ]Ɋ& !X7EQ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9d480e0f-6437-417c-b429-557368b2886a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tCulp**h7EQ ]Ɋ& !X7EQ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9d480e0f-6437-417c-b429-557368b2886a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=={h**`7EQ ]Ɋ& !X7EQ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9d480e0f-6437-417c-b429-557368b2886a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7e`**`7EQ ]Ɋ& !X7EQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9d480e0f-6437-417c-b429-557368b2886a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=vi`**` 7EQ ]Ɋ& !X7EQ  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9d480e0f-6437-417c-b429-557368b2886a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**!7EQ ]Ɋ& !7EQ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9d480e0f-6437-417c-b429-557368b2886a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0fa060e8-323d-4f73-a4d7-3942d8cd98e1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**"7EQ ]Ɋ& !7EQ" F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9d480e0f-6437-417c-b429-557368b2886a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0fa060e8-323d-4f73-a4d7-3942d8cd98e1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==03**(#7EQ ]Ɋ& !X7EQ# F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ca73b484-7947-4d83-b45e-63fbf1344969 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e(**@$7EQ ]Ɋ& !X7EQ$ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ca73b484-7947-4d83-b45e-63fbf1344969 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@%7EQ ]Ɋ& !X7EQ% F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ca73b484-7947-4d83-b45e-63fbf1344969 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=E\M@**8&7EQ ]Ɋ& !X7EQ& F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ca73b484-7947-4d83-b45e-63fbf1344969 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**8'7EQ ]Ɋ& !X7EQ' F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ca73b484-7947-4d83-b45e-63fbf1344969 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8(7EQ ]Ɋ& !X7EQ( F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ca73b484-7947-4d83-b45e-63fbf1344969 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eV8**)7EQ ]Ɋ& !7EQ) F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ca73b484-7947-4d83-b45e-63fbf1344969 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=18d60453-6f1b-4e8e-9ab8-30e09cf10075 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[S***%FQ ]Ɋ& !%FQ* F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ca73b484-7947-4d83-b45e-63fbf1344969 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=18d60453-6f1b-4e8e-9ab8-30e09cf10075 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayVe**X+GQ ]Ɋ& !XGQ+ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0c4ee7cd-765c-4b13-b4ec-8bc7abc4c2e6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p,GQ ]Ɋ& !XGQ, F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0c4ee7cd-765c-4b13-b4ec-8bc7abc4c2e6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rp**p-GQ ]Ɋ& !XGQ- F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0c4ee7cd-765c-4b13-b4ec-8bc7abc4c2e6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nstp**h.GQ ]Ɋ& !XGQ. F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0c4ee7cd-765c-4b13-b4ec-8bc7abc4c2e6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=perh**h/GQ ]Ɋ& !XGQ/ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0c4ee7cd-765c-4b13-b4ec-8bc7abc4c2e6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=::Gh**h0GQ ]Ɋ& !XGQ0 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0c4ee7cd-765c-4b13-b4ec-8bc7abc4c2e6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= IhtalledOn -De ]Ɋ&  !GQ1 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0c4ee7cd-765c-4b13-b4ec-8bc7abc4c2e6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=96cf4d3e-3e3a-4585-90c7-9fc748439dd9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnk1c1c8"k?lMu=VysMc&&** 1GQ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !GQ1 F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0c4ee7cd-765c-4b13-b4ec-8bc7abc4c2e6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=96cf4d3e-3e3a-4585-90c7-9fc748439dd9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=art **2'HQ ]Ɋ& !'HQ2 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0c4ee7cd-765c-4b13-b4ec-8bc7abc4c2e6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=96cf4d3e-3e3a-4585-90c7-9fc748439dd9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=4**3'HQ ]Ɋ& '!X'HQ3 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2f018750-b42b-4235-9f48-f0b69c25334b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**4'HQ ]Ɋ& ?!X'HQ4 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2f018750-b42b-4235-9f48-f0b69c25334b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**5'HQ ]Ɋ& ;!X'HQ5 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2f018750-b42b-4235-9f48-f0b69c25334b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Run**6'HQ ]Ɋ& 3!X'HQ6 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2f018750-b42b-4235-9f48-f0b69c25334b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ovi**7'HQ ]Ɋ& 3!X'HQ7 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2f018750-b42b-4235-9f48-f0b69c25334b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **8'HQ ]Ɋ& 5!X'HQ8 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2f018750-b42b-4235-9f48-f0b69c25334b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**09'HQ ]Ɋ& !'HQ9 F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2f018750-b42b-4235-9f48-f0b69c25334b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=89f8358e-d071-4407-9d35-2461f2d4500b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=740**@: IQ ]Ɋ& ! IQ: F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2f018750-b42b-4235-9f48-f0b69c25334b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=89f8358e-d071-4407-9d35-2461f2d4500b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d P@**;r ]Ɋ& )!Xr; F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=056222b6-990e-45a9-849a-e957304bbde6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**<r ]Ɋ& A!Xr< F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=056222b6-990e-45a9-849a-e957304bbde6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C**=r ]Ɋ& =!Xr= F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=056222b6-990e-45a9-849a-e957304bbde6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **>r ]Ɋ& 5!Xr> F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=056222b6-990e-45a9-849a-e957304bbde6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr**?r ]Ɋ& 5!Xr? F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=056222b6-990e-45a9-849a-e957304bbde6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cl**@r ]Ɋ& 7!Xr@ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=056222b6-990e-45a9-849a-e957304bbde6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**0Ar ]Ɋ& !rA F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=056222b6-990e-45a9-849a-e957304bbde6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2292c51b-ff6f-4d3f-8c1d-11516aadae0c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@Bţ ]Ɋ& !ţB F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=056222b6-990e-45a9-849a-e957304bbde6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2292c51b-ff6f-4d3f-8c1d-11516aadae0c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=art@**XCţ ]Ɋ& !XţC F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=935bfeb9-0f76-4b64-95fe-4faf154f6936 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d X**pDţ ]Ɋ& !XţD F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=935bfeb9-0f76-4b64-95fe-4faf154f6936 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er=p**hEţ ]Ɋ& !XţE F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=935bfeb9-0f76-4b64-95fe-4faf154f6936 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ch**`Fţ ]Ɋ& !XţF F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=935bfeb9-0f76-4b64-95fe-4faf154f6936 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`Gţ ]Ɋ& !XţG F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=935bfeb9-0f76-4b64-95fe-4faf154f6936 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o`**hHţ ]Ɋ& !XţH F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=935bfeb9-0f76-4b64-95fe-4faf154f6936 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tId=h**I\< ]Ɋ&  !\<I F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=935bfeb9-0f76-4b64-95fe-4faf154f6936 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=655fd267-b77d-4659-a923-56744dced131 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=96-6**J\< ]Ɋ& !\<J F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=935bfeb9-0f76-4b64-95fe-4faf154f6936 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=655fd267-b77d-4659-a923-56744dced131 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**8K\< ]Ɋ& !X\<K F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2c2a55cc-b8c7-42a0-a3ca-2219f360dfe9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=438**PL\< ]Ɋ& !X\<L F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2c2a55cc-b8c7-42a0-a3ca-2219f360dfe9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tIP**PM\< ]Ɋ& !X\<M F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2c2a55cc-b8c7-42a0-a3ca-2219f360dfe9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==4.0P**HN\< ]Ɋ& !X\<N F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2c2a55cc-b8c7-42a0-a3ca-2219f360dfe9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HosH**HO\< ]Ɋ& !X\<O F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2c2a55cc-b8c7-42a0-a3ca-2219f360dfe9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ConsH**HP\< ]Ɋ& !X\<P F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2c2a55cc-b8c7-42a0-a3ca-2219f360dfe9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**Q\< ]Ɋ& !\<Q F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2c2a55cc-b8c7-42a0-a3ca-2219f360dfe9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e947e5e5-2874-4dea-856b-e5432953dfea PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=equ**R\< ]Ɋ& !\<R F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2c2a55cc-b8c7-42a0-a3ca-2219f360dfe9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e947e5e5-2874-4dea-856b-e5432953dfea PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**XS\< ]Ɋ& !X\<S F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6223d7b4-451d-4637-891f-70b04993f87f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pT\< ]Ɋ& !X\<T F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6223d7b4-451d-4637-891f-70b04993f87f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Scp**hU\< ]Ɋ& !X\<U F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6223d7b4-451d-4637-891f-70b04993f87f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dOh**`V\< ]Ɋ& !X\<V F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6223d7b4-451d-4637-891f-70b04993f87f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ns`**`W\< ]Ɋ& !X\<W F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6223d7b4-451d-4637-891f-70b04993f87f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh`**`X\< ]Ɋ& !X\<X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6223d7b4-451d-4637-891f-70b04993f87f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H`**YԢ ]Ɋ& !ԢY F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6223d7b4-451d-4637-891f-70b04993f87f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2364c9bf-d296-4e30-b6f6-63ff6b6e0d57 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**ZԢ ]Ɋ& !ԢZ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6223d7b4-451d-4637-891f-70b04993f87f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2364c9bf-d296-4e30-b6f6-63ff6b6e0d57 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**([Ԣ ]Ɋ& !XԢ[ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=89aadadf-0c76-4975-b43f-529d3a1d7e84 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m(**@\Ԣ ]Ɋ& !XԢ\ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=89aadadf-0c76-4975-b43f-529d3a1d7e84 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=U@**@]Ԣ ]Ɋ& !XԢ] F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=89aadadf-0c76-4975-b43f-529d3a1d7e84 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n, @**8^Ԣ ]Ɋ& !XԢ^ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=89aadadf-0c76-4975-b43f-529d3a1d7e84 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ARE8**8_Ԣ ]Ɋ& !XԢ_ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=89aadadf-0c76-4975-b43f-529d3a1d7e84 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**8`Ԣ ]Ɋ& !XԢ` F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=89aadadf-0c76-4975-b43f-529d3a1d7e84 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**aԢ ]Ɋ& !Ԣa F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=89aadadf-0c76-4975-b43f-529d3a1d7e84 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=2f703692-f396-48a6-9d5d-848a8e908d3f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Co**bm ]Ɋ& !mb F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=89aadadf-0c76-4975-b43f-529d3a1d7e84 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=2f703692-f396-48a6-9d5d-848a8e908d3f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eInf**XcL7 ]Ɋ& !XL7c F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4d19604c-63b7-4e80-8bd1-0fe05cc62fa3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=CXtureInfo('en ]Ɋ& 53XL7d F&aceId=96cf4d3e-3e3a-4585-90c7-9fc748439dd9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnkdd0x_tMu=VysMc&&**x dL7 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! W!XL7d F&F%g>9{p(xlMD EventDatauoData !BinaryEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4d19604c-63b7-4e80-8bd1-0fe05cc62fa3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== x **peL7 ]Ɋ& !XL7e F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4d19604c-63b7-4e80-8bd1-0fe05cc62fa3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== p**hfL7 ]Ɋ& !XL7f F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4d19604c-63b7-4e80-8bd1-0fe05cc62fa3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=h**hgL7 ]Ɋ& !XL7g F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4d19604c-63b7-4e80-8bd1-0fe05cc62fa3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hhL7 ]Ɋ& !XL7h F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4d19604c-63b7-4e80-8bd1-0fe05cc62fa3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh**iL7 ]Ɋ&  !L7i F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4d19604c-63b7-4e80-8bd1-0fe05cc62fa3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9882e084-7a14-4b3b-857a-fbf724a36221 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**jϥ ]Ɋ& !ϥj F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4d19604c-63b7-4e80-8bd1-0fe05cc62fa3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9882e084-7a14-4b3b-857a-fbf724a36221 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**kϥ ]Ɋ& '!Xϥk F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=affd2dee-a99a-4fff-8fc0-7103cc98759a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**lϥ ]Ɋ& ?!Xϥl F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=affd2dee-a99a-4fff-8fc0-7103cc98759a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=w**mϥ ]Ɋ& ;!Xϥm F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=affd2dee-a99a-4fff-8fc0-7103cc98759a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=957**nϥ ]Ɋ& 3!Xϥn F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=affd2dee-a99a-4fff-8fc0-7103cc98759a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**oϥ ]Ɋ& 3!Xϥo F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=affd2dee-a99a-4fff-8fc0-7103cc98759a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=730**pϥ ]Ɋ& 5!Xϥp F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=affd2dee-a99a-4fff-8fc0-7103cc98759a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0qϥ ]Ɋ& !ϥq F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=affd2dee-a99a-4fff-8fc0-7103cc98759a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=f973bd08-31b3-4196-b7f8-fe7111cccdda PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ro0**@ryh ]Ɋ& !yhr F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=affd2dee-a99a-4fff-8fc0-7103cc98759a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=f973bd08-31b3-4196-b7f8-fe7111cccdda PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**sd] ]Ɋ& )!Xd]s F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f29431f6-4a5b-4f4a-9e3c-bd601e9475c6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= **td] ]Ɋ& A!Xd]t F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f29431f6-4a5b-4f4a-9e3c-bd601e9475c6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=line**ud] ]Ɋ& =!Xd]u F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f29431f6-4a5b-4f4a-9e3c-bd601e9475c6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= |**vd] ]Ɋ& 5!Xd]v F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f29431f6-4a5b-4f4a-9e3c-bd601e9475c6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt**wd] ]Ɋ& 5!Xd]w F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f29431f6-4a5b-4f4a-9e3c-bd601e9475c6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**xd] ]Ɋ& 7!Xd]x F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f29431f6-4a5b-4f4a-9e3c-bd601e9475c6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0yd] ]Ɋ& !d]y F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f29431f6-4a5b-4f4a-9e3c-bd601e9475c6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=83e99e32-b9b7-4743-bfca-5622afb3d2e0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@zI^ ]Ɋ& !I^z F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f29431f6-4a5b-4f4a-9e3c-bd601e9475c6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=83e99e32-b9b7-4743-bfca-5622afb3d2e0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te=@**X{'^ ]Ɋ& !X'^{ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8bfd6a13-a0af-4c8d-90c3-65ef0601992f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=KX**p|'^ ]Ɋ& !X'^| F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8bfd6a13-a0af-4c8d-90c3-65ef0601992f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=menp**h}'^ ]Ɋ& !X'^} F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8bfd6a13-a0af-4c8d-90c3-65ef0601992f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rh**`~'^ ]Ɋ& !X'^~ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8bfd6a13-a0af-4c8d-90c3-65ef0601992f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e`**`'^ ]Ɋ& !X'^ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8bfd6a13-a0af-4c8d-90c3-65ef0601992f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**h'^ ]Ɋ& !X'^ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8bfd6a13-a0af-4c8d-90c3-65ef0601992f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateh**'^ ]Ɋ&  !'^ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8bfd6a13-a0af-4c8d-90c3-65ef0601992f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3d8c972f-b55e-47a9-92fe-f48707d47feb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**'^ ]Ɋ& !'^ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8bfd6a13-a0af-4c8d-90c3-65ef0601992f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3d8c972f-b55e-47a9-92fe-f48707d47feb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**8'^ ]Ɋ& !X'^ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ed500bb6-9b26-4388-b7c5-38e17769d07e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 8**P'^ ]Ɋ& !X'^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ed500bb6-9b26-4388-b7c5-38e17769d07e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SP**P'^ ]Ɋ& !X'^ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ed500bb6-9b26-4388-b7c5-38e17769d07e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateP**H'^ ]Ɋ& !X'^ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ed500bb6-9b26-4388-b7c5-38e17769d07e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPH**H'^ ]Ɋ& !X'^ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ed500bb6-9b26-4388-b7c5-38e17769d07e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==RegH**H'^ ]Ɋ& !X'^ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ed500bb6-9b26-4388-b7c5-38e17769d07e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovH**'^ ]Ɋ& !'^ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ed500bb6-9b26-4388-b7c5-38e17769d07e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=603bcd8a-0d09-4a84-9adf-ff43915a12e7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iou**'^ ]Ɋ& !'^ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ed500bb6-9b26-4388-b7c5-38e17769d07e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=603bcd8a-0d09-4a84-9adf-ff43915a12e7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **Xz_ ]Ɋ& !Xz_ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a059e58e-5fcf-4f0c-ac8a-2ffbea060b57 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FX**pz_ ]Ɋ& !Xz_ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a059e58e-5fcf-4f0c-ac8a-2ffbea060b57 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ne=p**hz_ ]Ɋ& !Xz_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a059e58e-5fcf-4f0c-ac8a-2ffbea060b57 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh**`z_ ]Ɋ& !Xz_ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a059e58e-5fcf-4f0c-ac8a-2ffbea060b57 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iz`**`z_ ]Ɋ& !Xz_ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a059e58e-5fcf-4f0c-ac8a-2ffbea060b57 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| `**`z_ ]Ɋ& !Xz_ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a059e58e-5fcf-4f0c-ac8a-2ffbea060b57 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0`**z_ ]Ɋ& !z_ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a059e58e-5fcf-4f0c-ac8a-2ffbea060b57 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8260cd92-0ce6-4a24-abf6-87cc00ec2a8c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**z_ ]Ɋ& !z_ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a059e58e-5fcf-4f0c-ac8a-2ffbea060b57 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8260cd92-0ce6-4a24-abf6-87cc00ec2a8c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**(z_ ]Ɋ& !Xz_ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cedfb027-7ef3-408e-be56-5f5f1fab58bf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@z_ ]Ɋ& !Xz_ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cedfb027-7ef3-408e-be56-5f5f1fab58bf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@z_ ]Ɋ& !Xz_ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cedfb027-7ef3-408e-be56-5f5f1fab58bf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wid@ 65535 Eng ]Ɋ& ndXz_ F&Name= CommandPath= CommandLine=CXtureInfo('en ]Ɋ& 53XL7d F&aceId=96cf4d3e-3e3a-4585-90c7-9fc748439dd9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnkpd,jhMu=VysMc&&**8 z_ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !Xz_ F&F%g>9{p(xlMD EventDatauoData !BinaryhFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cedfb027-7ef3-408e-be56-5f5f1fab58bf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8 **8z_ ]Ɋ& !Xz_ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cedfb027-7ef3-408e-be56-5f5f1fab58bf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er,8**8z_ ]Ɋ& !Xz_ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cedfb027-7ef3-408e-be56-5f5f1fab58bf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\W8**z_ ]Ɋ& !z_ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cedfb027-7ef3-408e-be56-5f5f1fab58bf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=90639688-2d5a-4dff-8b8d-7bd4a53d8a09 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4d**T` ]Ɋ& !T` F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cedfb027-7ef3-408e-be56-5f5f1fab58bf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=90639688-2d5a-4dff-8b8d-7bd4a53d8a09 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iabl**Xa ]Ɋ& !Xa F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=884b652c-bf55-46ec-b34a-6c3900587457 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**pa ]Ɋ& !Xa F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=884b652c-bf55-46ec-b34a-6c3900587457 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**pa ]Ɋ& !Xa F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=884b652c-bf55-46ec-b34a-6c3900587457 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**ha ]Ɋ& !Xa F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=884b652c-bf55-46ec-b34a-6c3900587457 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ovih**ha ]Ɋ& !Xa F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=884b652c-bf55-46ec-b34a-6c3900587457 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er=h**ha ]Ɋ& !Xa F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=884b652c-bf55-46ec-b34a-6c3900587457 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a-h**a ]Ɋ&  !a F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=884b652c-bf55-46ec-b34a-6c3900587457 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4821e46a-b172-438f-8fa2-3abdd04dadc9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-O**ub ]Ɋ& !ub F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=884b652c-bf55-46ec-b34a-6c3900587457 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4821e46a-b172-438f-8fa2-3abdd04dadc9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ies[**ub ]Ɋ& '!Xub F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3b2ce31f-8299-4019-ac5a-7d0d4a92e552 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r**ub ]Ɋ& ?!Xub F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3b2ce31f-8299-4019-ac5a-7d0d4a92e552 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**ub ]Ɋ& ;!Xub F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3b2ce31f-8299-4019-ac5a-7d0d4a92e552 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Run**ub ]Ɋ& 3!Xub F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3b2ce31f-8299-4019-ac5a-7d0d4a92e552 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **ub ]Ɋ& 3!Xub F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3b2ce31f-8299-4019-ac5a-7d0d4a92e552 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nsp**ub ]Ɋ& 5!Xub F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3b2ce31f-8299-4019-ac5a-7d0d4a92e552 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te**0ub ]Ɋ& !ub F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3b2ce31f-8299-4019-ac5a-7d0d4a92e552 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=d6de2198-5a6f-4f24-90ca-fc0be4af93d2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=li0**@Ec ]Ɋ& !Ec F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3b2ce31f-8299-4019-ac5a-7d0d4a92e552 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=d6de2198-5a6f-4f24-90ca-fc0be4af93d2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nceN@**c ]Ɋ& )!Xc F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=58fb7e05-9499-4ba7-91b1-1cde2534cd7d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nmen**c ]Ɋ& A!Xc F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=58fb7e05-9499-4ba7-91b1-1cde2534cd7d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**c ]Ɋ& =!Xc F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=58fb7e05-9499-4ba7-91b1-1cde2534cd7d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h=**c ]Ɋ& 5!Xc F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=58fb7e05-9499-4ba7-91b1-1cde2534cd7d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=li**c ]Ɋ& 5!Xc F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=58fb7e05-9499-4ba7-91b1-1cde2534cd7d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= |**c ]Ɋ& 7!Xc F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=58fb7e05-9499-4ba7-91b1-1cde2534cd7d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**0&c ]Ɋ& !&c F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=58fb7e05-9499-4ba7-91b1-1cde2534cd7d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e1fd1a14-6530-46d3-8f1c-884f292892a0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c0**@Wc ]Ɋ& !Wc F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=58fb7e05-9499-4ba7-91b1-1cde2534cd7d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e1fd1a14-6530-46d3-8f1c-884f292892a0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=af-@**XWc ]Ɋ& !XWc F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5d85f408-ff4a-49d0-880a-db0be39ccb83 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HX**pWc ]Ɋ& !XWc F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5d85f408-ff4a-49d0-880a-db0be39ccb83 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 p**hWc ]Ɋ& !XWc F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5d85f408-ff4a-49d0-880a-db0be39ccb83 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bh**`Wc ]Ɋ& !XWc F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5d85f408-ff4a-49d0-880a-db0be39ccb83 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8`**`Wc ]Ɋ& !XWc F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5d85f408-ff4a-49d0-880a-db0be39ccb83 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7`**hWc ]Ɋ& !XWc F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5d85f408-ff4a-49d0-880a-db0be39ccb83 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stAph**Wc ]Ɋ&  !Wc F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5d85f408-ff4a-49d0-880a-db0be39ccb83 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3f0f936e-9d21-4cd7-9162-b8ebade54382 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=viru**Wc ]Ɋ& !Wc F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5d85f408-ff4a-49d0-880a-db0be39ccb83 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3f0f936e-9d21-4cd7-9162-b8ebade54382 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ti**8Wc ]Ɋ& !XWc F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=394f58f8-52f0-4d48-b12a-d9eba7096103 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bj8**PWc ]Ɋ& !XWc F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=394f58f8-52f0-4d48-b12a-d9eba7096103 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erP**PWc ]Ɋ& !XWc F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=394f58f8-52f0-4d48-b12a-d9eba7096103 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tAppP**HWc ]Ɋ& !XWc F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=394f58f8-52f0-4d48-b12a-d9eba7096103 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=060bH**HWc ]Ɋ& !XWc F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=394f58f8-52f0-4d48-b12a-d9eba7096103 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-ac8H**HWc ]Ɋ& !XWc F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=394f58f8-52f0-4d48-b12a-d9eba7096103 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8e-H**]c ]Ɋ& !]c F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=394f58f8-52f0-4d48-b12a-d9eba7096103 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=48bcf569-32f6-491a-b06c-2037e4d1d4c6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b57**]c ]Ɋ& !]c F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=394f58f8-52f0-4d48-b12a-d9eba7096103 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=48bcf569-32f6-491a-b06c-2037e4d1d4c6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**X]c ]Ɋ& !X]c F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7acd85c2-1cb5-47ca-84a8-cb117ca6d5c8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ersiX**p]c ]Ɋ& !X]c F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7acd85c2-1cb5-47ca-84a8-cb117ca6d5c8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovip**h]c ]Ɋ& !X]c F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7acd85c2-1cb5-47ca-84a8-cb117ca6d5c8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`]c ]Ɋ& !X]c F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7acd85c2-1cb5-47ca-84a8-cb117ca6d5c8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id` PipelineId ]Ɋ&  CX]c F&wid@ 65535 Eng ]Ɋ& ndXz_ F&Name= CommandPath= CommandLine=CXtureInfo('en ]Ɋ& 53XL7d F&aceId=96cf4d3e-3e3a-4585-90c7-9fc748439dd9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnk@S˔+]Mu=VysMc&&**h]c ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! E!X]c F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7acd85c2-1cb5-47ca-84a8-cb117ca6d5c8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== h**`]c ]Ɋ& !X]c F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7acd85c2-1cb5-47ca-84a8-cb117ca6d5c8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**]c ]Ɋ& !]c F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7acd85c2-1cb5-47ca-84a8-cb117ca6d5c8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=985b6c99-bc38-4fb9-8048-7b294c18b1c0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**]c ]Ɋ& !]c F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7acd85c2-1cb5-47ca-84a8-cb117ca6d5c8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=985b6c99-bc38-4fb9-8048-7b294c18b1c0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Get**(c ]Ɋ& !Xc F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d972c156-2346-44a7-8dba-5a9b20a25ab4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8(**@c ]Ɋ& !Xc F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d972c156-2346-44a7-8dba-5a9b20a25ab4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b@**@c ]Ɋ& !Xc F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d972c156-2346-44a7-8dba-5a9b20a25ab4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**8c ]Ɋ& !Xc F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d972c156-2346-44a7-8dba-5a9b20a25ab4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C8**8c ]Ɋ& !Xc F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d972c156-2346-44a7-8dba-5a9b20a25ab4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bal8**8c ]Ɋ& !Xc F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d972c156-2346-44a7-8dba-5a9b20a25ab4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in8**c ]Ɋ& !c F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d972c156-2346-44a7-8dba-5a9b20a25ab4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=712dc103-87fb-43f0-af23-38af418be0f2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=RE**!c ]Ɋ& !!c F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d972c156-2346-44a7-8dba-5a9b20a25ab4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=712dc103-87fb-43f0-af23-38af418be0f2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**XNc ]Ɋ& !XNc F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bbeb24ae-e864-4e62-a1b1-07f3ab5879f1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4X**pNc ]Ɋ& !XNc F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bbeb24ae-e864-4e62-a1b1-07f3ab5879f1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1p**pNc ]Ɋ& !XNc F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bbeb24ae-e864-4e62-a1b1-07f3ab5879f1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stap**hNc ]Ɋ& !XNc F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bbeb24ae-e864-4e62-a1b1-07f3ab5879f1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVh**hNc ]Ɋ& !XNc F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bbeb24ae-e864-4e62-a1b1-07f3ab5879f1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Apph**hNc ]Ɋ& !XNc F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bbeb24ae-e864-4e62-a1b1-07f3ab5879f1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| h**Nc ]Ɋ&  !Nc F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bbeb24ae-e864-4e62-a1b1-07f3ab5879f1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=187cd63f-8c10-4aba-b5ac-827451de0012 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sb**c ]Ɋ& !c F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bbeb24ae-e864-4e62-a1b1-07f3ab5879f1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=187cd63f-8c10-4aba-b5ac-827451de0012 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ring**c ]Ɋ& '!Xc F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8d5bb72d-0264-4ed3-a304-a9fb4f924720 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=O**c ]Ɋ& ?!Xc F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8d5bb72d-0264-4ed3-a304-a9fb4f924720 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l**c ]Ɋ& ;!Xc F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8d5bb72d-0264-4ed3-a304-a9fb4f924720 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**c ]Ɋ& 3!Xc F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8d5bb72d-0264-4ed3-a304-a9fb4f924720 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==58**c ]Ɋ& 3!Xc F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8d5bb72d-0264-4ed3-a304-a9fb4f924720 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=li**c ]Ɋ& 5!Xc F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8d5bb72d-0264-4ed3-a304-a9fb4f924720 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ba**0c ]Ɋ& !c F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8d5bb72d-0264-4ed3-a304-a9fb4f924720 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=ddea810b-624e-4e4d-aa94-461c18b67618 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@{c ]Ɋ& !{c F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8d5bb72d-0264-4ed3-a304-a9fb4f924720 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=ddea810b-624e-4e4d-aa94-461c18b67618 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H@**~ ǎ ]Ɋ& )!X~ ǎ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=29d65f70-5ef7-4ae4-94cf-d406609cc19e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Con**~ ǎ ]Ɋ& A!X~ ǎ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=29d65f70-5ef7-4ae4-94cf-d406609cc19e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m **~ ǎ ]Ɋ& =!X~ ǎ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=29d65f70-5ef7-4ae4-94cf-d406609cc19e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**~ ǎ ]Ɋ& 5!X~ ǎ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=29d65f70-5ef7-4ae4-94cf-d406609cc19e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**~ ǎ ]Ɋ& 5!X~ ǎ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=29d65f70-5ef7-4ae4-94cf-d406609cc19e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **~ ǎ ]Ɋ& 7!X~ ǎ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=29d65f70-5ef7-4ae4-94cf-d406609cc19e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0~ ǎ ]Ɋ& !~ ǎ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=29d65f70-5ef7-4ae4-94cf-d406609cc19e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ffc336e5-44be-470e-8a6c-7fd70b0f8f31 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S0**@ ǎ ]Ɋ& ! ǎ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=29d65f70-5ef7-4ae4-94cf-d406609cc19e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ffc336e5-44be-470e-8a6c-7fd70b0f8f31 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r2 @**X ǎ ]Ɋ& !X ǎ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bafcae90-7034-44d0-88df-e0a24d7ac290 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompX**p ǎ ]Ɋ& !X ǎ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bafcae90-7034-44d0-88df-e0a24d7ac290 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl p**h ǎ ]Ɋ& !X ǎ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bafcae90-7034-44d0-88df-e0a24d7ac290 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lh**` ǎ ]Ɋ& !X ǎ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bafcae90-7034-44d0-88df-e0a24d7ac290 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u`**` ǎ ]Ɋ& !X ǎ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bafcae90-7034-44d0-88df-e0a24d7ac290 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a`**h ǎ ]Ɋ& !X ǎ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bafcae90-7034-44d0-88df-e0a24d7ac290 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Quich** ǎ ]Ɋ&  ! ǎ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bafcae90-7034-44d0-88df-e0a24d7ac290 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f71542e7-1654-4374-89fc-a68a3a3f44e7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion=** ǎ ]Ɋ& ! ǎ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bafcae90-7034-44d0-88df-e0a24d7ac290 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f71542e7-1654-4374-89fc-a68a3a3f44e7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**8H ǎ ]Ɋ& !XH ǎ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=efa560f5-6a4a-471f-b5dc-7e669ccc3bde HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ou8**PH ǎ ]Ɋ& !XH ǎ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=efa560f5-6a4a-471f-b5dc-7e669ccc3bde HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ypP**PH ǎ ]Ɋ& !XH ǎ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=efa560f5-6a4a-471f-b5dc-7e669ccc3bde HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNamP**HH ǎ ]Ɋ& !XH ǎ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=efa560f5-6a4a-471f-b5dc-7e669ccc3bde HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yptiH**HH ǎ ]Ɋ& !XH ǎ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=efa560f5-6a4a-471f-b5dc-7e669ccc3bde HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=439dH PipelineI ]Ɋ&  XH ǎ F&ElfChnk((h nyL5Mu=VysMc&&**HH ǎ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! +!XH ǎ F&F%g>9{p(xlMD EventDatauoData !BinaryxVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=efa560f5-6a4a-471f-b5dc-7e669ccc3bde HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H ǎ ]Ɋ& !H ǎ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=efa560f5-6a4a-471f-b5dc-7e669ccc3bde HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f7a01000-62ba-4e3d-bcc3-e8d0c9d7e470 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]֘**H ǎ ]Ɋ& !H ǎ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=efa560f5-6a4a-471f-b5dc-7e669ccc3bde HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f7a01000-62ba-4e3d-bcc3-e8d0c9d7e470 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**XH ǎ ]Ɋ& !XH ǎ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dcd0e12a-03f6-4a8c-adc2-f0efc9312d25 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**pH ǎ ]Ɋ& !XH ǎ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dcd0e12a-03f6-4a8c-adc2-f0efc9312d25 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lectp**hH ǎ ]Ɋ& !XH ǎ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dcd0e12a-03f6-4a8c-adc2-f0efc9312d25 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=']h**`H ǎ ]Ɋ& !XH ǎ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dcd0e12a-03f6-4a8c-adc2-f0efc9312d25 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-`**`H ǎ ]Ɋ& !XH ǎ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dcd0e12a-03f6-4a8c-adc2-f0efc9312d25 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C`**`H ǎ ]Ɋ& !XH ǎ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dcd0e12a-03f6-4a8c-adc2-f0efc9312d25 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**H ǎ ]Ɋ& !H ǎ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dcd0e12a-03f6-4a8c-adc2-f0efc9312d25 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3b879fdc-c952-4061-9653-a438e18f6520 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**H ǎ ]Ɋ& !H ǎ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dcd0e12a-03f6-4a8c-adc2-f0efc9312d25 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3b879fdc-c952-4061-9653-a438e18f6520 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=**(L ǎ ]Ɋ& !XL ǎ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d9a4764b-6b54-4d38-a600-8e67169ad50a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n(**@L ǎ ]Ɋ& !XL ǎ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d9a4764b-6b54-4d38-a600-8e67169ad50a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d@**@L ǎ ]Ɋ& !XL ǎ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d9a4764b-6b54-4d38-a600-8e67169ad50a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.ps@**8L ǎ ]Ɋ& !XL ǎ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d9a4764b-6b54-4d38-a600-8e67169ad50a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=M:\8**8L ǎ ]Ɋ& !XL ǎ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d9a4764b-6b54-4d38-a600-8e67169ad50a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==bb8**8L ǎ ]Ɋ& !XL ǎ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d9a4764b-6b54-4d38-a600-8e67169ad50a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=F8** L ǎ ]Ɋ& !L ǎ  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d9a4764b-6b54-4d38-a600-8e67169ad50a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=6730ab08-a1b0-41cf-bd09-b233e47d153f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=at** y ǎ ]Ɋ& !y ǎ  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d9a4764b-6b54-4d38-a600-8e67169ad50a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=6730ab08-a1b0-41cf-bd09-b233e47d153f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 655**X Cǎ ]Ɋ& !XCǎ  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cada50e0-52a0-4d51-af31-d9397f4bfd80 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-X**p Cǎ ]Ɋ& !XCǎ  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cada50e0-52a0-4d51-af31-d9397f4bfd80 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dp**p Cǎ ]Ɋ& !XCǎ  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cada50e0-52a0-4d51-af31-d9397f4bfd80 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='enp**hCǎ ]Ɋ& !XCǎ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cada50e0-52a0-4d51-af31-d9397f4bfd80 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allh**hCǎ ]Ɋ& !XCǎ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cada50e0-52a0-4d51-af31-d9397f4bfd80 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**hCǎ ]Ɋ& !XCǎ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cada50e0-52a0-4d51-af31-d9397f4bfd80 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndh**Cǎ ]Ɋ&  !Cǎ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cada50e0-52a0-4d51-af31-d9397f4bfd80 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=466700d3-7b2a-4b95-952c-2847e9266536 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**<ǎ ]Ɋ& !<ǎ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cada50e0-52a0-4d51-af31-d9397f4bfd80 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=466700d3-7b2a-4b95-952c-2847e9266536 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ost **<ǎ ]Ɋ& '!X<ǎ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=70627fa2-7fa9-477d-868f-493b80938de4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**<ǎ ]Ɋ& ?!X<ǎ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=70627fa2-7fa9-477d-868f-493b80938de4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**<ǎ ]Ɋ& ;!X<ǎ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=70627fa2-7fa9-477d-868f-493b80938de4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam**<ǎ ]Ɋ& 3!X<ǎ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=70627fa2-7fa9-477d-868f-493b80938de4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ngi**<ǎ ]Ɋ& 3!X<ǎ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=70627fa2-7fa9-477d-868f-493b80938de4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fun**<ǎ ]Ɋ& 5!X<ǎ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=70627fa2-7fa9-477d-868f-493b80938de4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=**0<ǎ ]Ɋ& !<ǎ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=70627fa2-7fa9-477d-868f-493b80938de4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=7c419885-a1a0-47dc-9d4f-f36ca980268c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3 0**@tǎ ]Ɋ& !tǎ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=70627fa2-7fa9-477d-868f-493b80938de4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=7c419885-a1a0-47dc-9d4f-f36ca980268c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 @*** ]Ɋ& )!X* F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bcfccbe4-7bb6-47e1-91ed-ec542643e4e5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uctS*** ]Ɋ& A!X* F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bcfccbe4-7bb6-47e1-91ed-ec542643e4e5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=curi*** ]Ɋ& =!X* F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bcfccbe4-7bb6-47e1-91ed-ec542643e4e5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= *** ]Ɋ& 5!X* F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bcfccbe4-7bb6-47e1-91ed-ec542643e4e5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= *** ]Ɋ& 5!X* F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bcfccbe4-7bb6-47e1-91ed-ec542643e4e5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=vi** * ]Ɋ& 7!X*  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bcfccbe4-7bb6-47e1-91ed-ec542643e4e5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0!* ]Ɋ& !*! F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bcfccbe4-7bb6-47e1-91ed-ec542643e4e5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f8dd796d-bf73-4e67-b946-9795eeb6a8cb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@"ֶ* ]Ɋ& !ֶ*" F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bcfccbe4-7bb6-47e1-91ed-ec542643e4e5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f8dd796d-bf73-4e67-b946-9795eeb6a8cb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**X#mO* ]Ɋ& !XmO*# F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b04a908c-1757-4877-8597-dd02699daa12 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manX**p$mO* ]Ɋ& !XmO*$ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b04a908c-1757-4877-8597-dd02699daa12 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmap**h%mO* ]Ɋ& !XmO*% F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b04a908c-1757-4877-8597-dd02699daa12 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oh**`&mO* ]Ɋ& !XmO*& F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b04a908c-1757-4877-8597-dd02699daa12 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**`'mO* ]Ɋ& !XmO*' F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b04a908c-1757-4877-8597-dd02699daa12 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h(mO* ]Ɋ& !XmO*( F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b04a908c-1757-4877-8597-dd02699daa12 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&h ]Ɋ& XH ǎmO*ElfChnk)Y)YCb Mu=VysMc&&**)mO* ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !mO*) F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b04a908c-1757-4877-8597-dd02699daa12 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=abaa9ac5-5650-4711-a3c7-ffc7de510e30 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=***mO* ]Ɋ& !mO** F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b04a908c-1757-4877-8597-dd02699daa12 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=abaa9ac5-5650-4711-a3c7-ffc7de510e30 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8+* ]Ɋ& !X*+ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a203741a-8c2e-4403-a275-3f61e3bfd059 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P,* ]Ɋ& !X*, F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a203741a-8c2e-4403-a275-3f61e3bfd059 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&P**P-* ]Ɋ& !X*- F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a203741a-8c2e-4403-a275-3f61e3bfd059 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**P**H.* ]Ɋ& !X*. F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a203741a-8c2e-4403-a275-3f61e3bfd059 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmanH**H/* ]Ɋ& !X*/ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a203741a-8c2e-4403-a275-3f61e3bfd059 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndPaH**H0* ]Ɋ& !X*0 F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a203741a-8c2e-4403-a275-3f61e3bfd059 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=H**1* ]Ɋ& !*1 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a203741a-8c2e-4403-a275-3f61e3bfd059 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5912bc1b-78d7-40da-9454-d7d5b0cb8c20 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dLi**2* ]Ɋ& !*2 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a203741a-8c2e-4403-a275-3f61e3bfd059 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5912bc1b-78d7-40da-9454-d7d5b0cb8c20 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=C**X3* ]Ɋ& !X*3 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ee016179-84bd-4e8b-b80d-633c4d0097aa HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNamX**p4* ]Ɋ& !X*4 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ee016179-84bd-4e8b-b80d-633c4d0097aa HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ect p**h5* ]Ɋ& !X*5 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ee016179-84bd-4e8b-b80d-633c4d0097aa HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=peh**`6* ]Ɋ& !X*6 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ee016179-84bd-4e8b-b80d-633c4d0097aa HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ca`**`7* ]Ɋ& !X*7 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ee016179-84bd-4e8b-b80d-633c4d0097aa HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um`**`8* ]Ɋ& !X*8 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ee016179-84bd-4e8b-b80d-633c4d0097aa HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=L`**9* ]Ɋ& !*9 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ee016179-84bd-4e8b-b80d-633c4d0097aa HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d3b619b7-4be8-482b-97d8-504bfeed96e9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**:* ]Ɋ& !*: F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ee016179-84bd-4e8b-b80d-633c4d0097aa HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d3b619b7-4be8-482b-97d8-504bfeed96e9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=man**(;* ]Ɋ& !X*; F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=23685061-2487-4399-b2bf-449e5e563f7d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2(**@<* ]Ɋ& !X*< F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=23685061-2487-4399-b2bf-449e5e563f7d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4@**@=* ]Ɋ& !X*= F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=23685061-2487-4399-b2bf-449e5e563f7d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[Da@**8>* ]Ɋ& !X*> F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=23685061-2487-4399-b2bf-449e5e563f7d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on\8**8?* ]Ɋ& !X*? F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=23685061-2487-4399-b2bf-449e5e563f7d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ver8**8@* ]Ɋ& !X*@ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=23685061-2487-4399-b2bf-449e5e563f7d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**A* ]Ɋ& !*A F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=23685061-2487-4399-b2bf-449e5e563f7d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=59e01ffc-3567-4e26-bb0c-8917dfedda45 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ri**B0* ]Ɋ& !0*B F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=23685061-2487-4399-b2bf-449e5e563f7d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=59e01ffc-3567-4e26-bb0c-8917dfedda45 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= | O**XC* ]Ɋ& !X*C F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4bce3564-d2b5-46a6-915a-4dc23d0ed997 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**pD* ]Ɋ& !X*D F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4bce3564-d2b5-46a6-915a-4dc23d0ed997 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ip**pE* ]Ɋ& !X*E F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4bce3564-d2b5-46a6-915a-4dc23d0ed997 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fo]p**hF* ]Ɋ& !X*F F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4bce3564-d2b5-46a6-915a-4dc23d0ed997 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5 |h**hG* ]Ɋ& !X*G F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4bce3564-d2b5-46a6-915a-4dc23d0ed997 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=aceh**hH* ]Ɋ& !X*H F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4bce3564-d2b5-46a6-915a-4dc23d0ed997 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Coh**I* ]Ɋ&  !*I F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4bce3564-d2b5-46a6-915a-4dc23d0ed997 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=61d3aee1-e77d-48e9-a6d5-bf38358d7bd1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**J{* ]Ɋ& !{*J F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4bce3564-d2b5-46a6-915a-4dc23d0ed997 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=61d3aee1-e77d-48e9-a6d5-bf38358d7bd1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**K!* ]Ɋ& '!X!*K F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5d710338-6cb7-49b4-83a7-4eb5e539bf4c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r**L!* ]Ɋ& ?!X!*L F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5d710338-6cb7-49b4-83a7-4eb5e539bf4c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**M!* ]Ɋ& ;!X!*M F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5d710338-6cb7-49b4-83a7-4eb5e539bf4c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=as**N!* ]Ɋ& 3!X!*N F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5d710338-6cb7-49b4-83a7-4eb5e539bf4c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ing**O!* ]Ɋ& 3!X!*O F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5d710338-6cb7-49b4-83a7-4eb5e539bf4c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=art**P!* ]Ɋ& 5!X!*P F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5d710338-6cb7-49b4-83a7-4eb5e539bf4c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=65**0Q!* ]Ɋ& !!*Q F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5d710338-6cb7-49b4-83a7-4eb5e539bf4c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=b49f19e1-6843-4fb9-bfe1-20b712edb12d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@R* ]Ɋ& !*R F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5d710338-6cb7-49b4-83a7-4eb5e539bf4c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=b49f19e1-6843-4fb9-bfe1-20b712edb12d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e67-@**S%!v ]Ɋ& )!X%!vS F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a6641ec8-66a6-4702-a308-aae4dd4f0560 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl d**T%!v ]Ɋ& A!X%!vT F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a6641ec8-66a6-4702-a308-aae4dd4f0560 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e -N**U%!v ]Ɋ& =!X%!vU F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a6641ec8-66a6-4702-a308-aae4dd4f0560 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=77**V%!v ]Ɋ& 5!X%!vV F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a6641ec8-66a6-4702-a308-aae4dd4f0560 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**W%!v ]Ɋ& 5!X%!vW F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a6641ec8-66a6-4702-a308-aae4dd4f0560 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**X%!v ]Ɋ& 7!X%!vX F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a6641ec8-66a6-4702-a308-aae4dd4f0560 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0Y%!v ]Ɋ& !%!vY F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a6641ec8-66a6-4702-a308-aae4dd4f0560 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9eb3e739-f30e-4126-a0c9-79339dd44c29 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 XH ǎmO*ElfChnkZZXדMu=VysMc&&**@ZR/#v ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! #!R/#vZ F&F%g>9{p(xlMD EventDatauoData !BinarypStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a6641ec8-66a6-4702-a308-aae4dd4f0560 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9eb3e739-f30e-4126-a0c9-79339dd44c29 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**X[R/#v ]Ɋ& !XR/#v[ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ec4fc7fe-0ad5-4596-a531-17285497c6c6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=711X**p\R/#v ]Ɋ& !XR/#v\ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ec4fc7fe-0ad5-4596-a531-17285497c6c6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=linp**h]R/#v ]Ɋ& !XR/#v] F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ec4fc7fe-0ad5-4596-a531-17285497c6c6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**`^R/#v ]Ɋ& !XR/#v^ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ec4fc7fe-0ad5-4596-a531-17285497c6c6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`_R/#v ]Ɋ& !XR/#v_ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ec4fc7fe-0ad5-4596-a531-17285497c6c6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**h`R/#v ]Ɋ& !XR/#v` F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ec4fc7fe-0ad5-4596-a531-17285497c6c6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= h**aR/#v ]Ɋ&  !R/#va F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ec4fc7fe-0ad5-4596-a531-17285497c6c6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=830e01cb-7116-4cf9-b268-85efb6b087a7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&**b#v ]Ɋ& !#vb F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ec4fc7fe-0ad5-4596-a531-17285497c6c6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=830e01cb-7116-4cf9-b268-85efb6b087a7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8c#v ]Ɋ& !X#vc F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a60bb949-ddd9-44bc-9a04-a96b23424feb HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma8**Pd#v ]Ɋ& !X#vd F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a60bb949-ddd9-44bc-9a04-a96b23424feb HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmP**Pe#v ]Ɋ& !X#ve F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a60bb949-ddd9-44bc-9a04-a96b23424feb HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ComP**Hf#v ]Ɋ& !X#vf F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a60bb949-ddd9-44bc-9a04-a96b23424feb HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= H**Hg#v ]Ɋ& !X#vg F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a60bb949-ddd9-44bc-9a04-a96b23424feb HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoH**Hh#v ]Ɋ& !X#vh F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a60bb949-ddd9-44bc-9a04-a96b23424feb HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmaH**i#v ]Ɋ& !#vi F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a60bb949-ddd9-44bc-9a04-a96b23424feb HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=34244cb4-fc5a-444a-a1fe-8212bf9f02e1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Sc**j#v ]Ɋ& !#vj F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a60bb949-ddd9-44bc-9a04-a96b23424feb HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=34244cb4-fc5a-444a-a1fe-8212bf9f02e1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=y**Xk#v ]Ɋ& !X#vk F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a912da52-45b9-470f-b9f7-a96c768872a8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-504X**pl#v ]Ɋ& !X#vl F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a912da52-45b9-470f-b9f7-a96c768872a8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tCulp**hm#v ]Ɋ& !X#vm F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a912da52-45b9-470f-b9f7-a96c768872a8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=;eh**`n#v ]Ɋ& !X#vn F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a912da52-45b9-470f-b9f7-a96c768872a8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7-`**`o#v ]Ɋ& !X#vo F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a912da52-45b9-470f-b9f7-a96c768872a8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP`**`p#v ]Ɋ& !X#vp F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a912da52-45b9-470f-b9f7-a96c768872a8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**q#v ]Ɋ& !#vq F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a912da52-45b9-470f-b9f7-a96c768872a8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=08e1169e-5b75-4f79-9d7b-5c67cadb4397 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**r`$v ]Ɋ& !`$vr F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a912da52-45b9-470f-b9f7-a96c768872a8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=08e1169e-5b75-4f79-9d7b-5c67cadb4397 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **(s`$v ]Ɋ& !X`$vs F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b30e9dab-119e-4e32-af0b-a05b83da43d9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=R(**@t`$v ]Ɋ& !X`$vt F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b30e9dab-119e-4e32-af0b-a05b83da43d9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e@**@u`$v ]Ɋ& !X`$vu F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b30e9dab-119e-4e32-af0b-a05b83da43d9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n, @**8v`$v ]Ɋ& !X`$vv F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b30e9dab-119e-4e32-af0b-a05b83da43d9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=TWA8**8w`$v ]Ɋ& !X`$vw F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b30e9dab-119e-4e32-af0b-a05b83da43d9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er=8**8x`$v ]Ɋ& !X`$vx F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b30e9dab-119e-4e32-af0b-a05b83da43d9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**y`$v ]Ɋ& !`$vy F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b30e9dab-119e-4e32-af0b-a05b83da43d9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=63ae5fe2-d68e-475c-b68a-5c43e7b51fab PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **z$v ]Ɋ& !$vz F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b30e9dab-119e-4e32-af0b-a05b83da43d9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=63ae5fe2-d68e-475c-b68a-5c43e7b51fab PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ture**X{&v ]Ɋ& !X&v{ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b954db7c-23ae-435a-8431-c30410f9eb21 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=GX**p|&v ]Ɋ& !X&v| F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b954db7c-23ae-435a-8431-c30410f9eb21 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cp**p}&v ]Ɋ& !X&v} F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b954db7c-23ae-435a-8431-c30410f9eb21 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, p**h~&v ]Ɋ& !X&v~ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b954db7c-23ae-435a-8431-c30410f9eb21 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=en-h**h&v ]Ɋ& !X&v F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b954db7c-23ae-435a-8431-c30410f9eb21 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Deh**h&v ]Ɋ& !X&v F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b954db7c-23ae-435a-8431-c30410f9eb21 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=amh**&v ]Ɋ&  !&v F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b954db7c-23ae-435a-8431-c30410f9eb21 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=20ad2cf6-7152-4fbe-b7b7-a9757c56b30b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**o['v ]Ɋ& !o['v F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b954db7c-23ae-435a-8431-c30410f9eb21 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=20ad2cf6-7152-4fbe-b7b7-a9757c56b30b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tate**o['v ]Ɋ& '!Xo['v F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=05efc421-9fd4-4231-acd8-8669950c7da3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**o['v ]Ɋ& ?!Xo['v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=05efc421-9fd4-4231-acd8-8669950c7da3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**o['v ]Ɋ& ;!Xo['v F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=05efc421-9fd4-4231-acd8-8669950c7da3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**o['v ]Ɋ& 3!Xo['v F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=05efc421-9fd4-4231-acd8-8669950c7da3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Pro**o['v ]Ɋ& 3!Xo['v F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=05efc421-9fd4-4231-acd8-8669950c7da3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**o['v ]Ɋ& 5!Xo['v F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=05efc421-9fd4-4231-acd8-8669950c7da3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l **0o['v ]Ɋ& !o['v F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=05efc421-9fd4-4231-acd8-8669950c7da3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=99922451-1693-431f-989a-f51a744437c1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=va0able Previ ]Ɋ& os'v F&on=4.0 HostId=a6641ec8-66a6-4702-a308-aae4dd4f0560 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9eb3e739-f30e-4126-a0c9-79339dd44c29 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 XH ǎmO*ElfChnkA1K&zMu=VysMc&&**@ 'v ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !!'v F&F%g>9{p(xlMD EventDatauoData !BinarynStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=05efc421-9fd4-4231-acd8-8669950c7da3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=99922451-1693-431f-989a-f51a744437c1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-@ **rDٕ ]Ɋ& )!XrDٕ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=442c21cd-5230-4680-9ab5-8e6f64df0672 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=3 **rDٕ ]Ɋ& A!XrDٕ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=442c21cd-5230-4680-9ab5-8e6f64df0672 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erNa**rDٕ ]Ɋ& =!XrDٕ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=442c21cd-5230-4680-9ab5-8e6f64df0672 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**rDٕ ]Ɋ& 5!XrDٕ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=442c21cd-5230-4680-9ab5-8e6f64df0672 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **rDٕ ]Ɋ& 5!XrDٕ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=442c21cd-5230-4680-9ab5-8e6f64df0672 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=**rDٕ ]Ɋ& 7!XrDٕ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=442c21cd-5230-4680-9ab5-8e6f64df0672 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **0 ݞٕ ]Ɋ& ! ݞٕ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=442c21cd-5230-4680-9ab5-8e6f64df0672 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d7b9fdea-26de-4e24-b770-5c5eb1759020 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d0**@uٕ ]Ɋ& !uٕ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=442c21cd-5230-4680-9ab5-8e6f64df0672 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d7b9fdea-26de-4e24-b770-5c5eb1759020 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ot/@**Xuٕ ]Ɋ& !Xuٕ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2d9988ad-eed8-4666-b64e-38bcba41ae26 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=werX**puٕ ]Ɋ& !Xuٕ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2d9988ad-eed8-4666-b64e-38bcba41ae26 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompp**huٕ ]Ɋ& !Xuٕ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2d9988ad-eed8-4666-b64e-38bcba41ae26 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fh**`uٕ ]Ɋ& !Xuٕ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2d9988ad-eed8-4666-b64e-38bcba41ae26 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=E`**`uٕ ]Ɋ& !Xuٕ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2d9988ad-eed8-4666-b64e-38bcba41ae26 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i`**huٕ ]Ɋ& !Xuٕ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2d9988ad-eed8-4666-b64e-38bcba41ae26 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ureLh**uٕ ]Ɋ&  !uٕ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2d9988ad-eed8-4666-b64e-38bcba41ae26 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c1d20d10-78d7-4957-b679-890569f07614 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=535 **6ٕ ]Ɋ& !6ٕ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2d9988ad-eed8-4666-b64e-38bcba41ae26 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c1d20d10-78d7-4957-b679-890569f07614 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io**86ٕ ]Ɋ& !X6ٕ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4f11a4f5-1bc8-406e-960c-7d4e9a98c267 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yp8**P6ٕ ]Ɋ& !X6ٕ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4f11a4f5-1bc8-406e-960c-7d4e9a98c267 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNP**P6ٕ ]Ɋ& !X6ٕ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4f11a4f5-1bc8-406e-960c-7d4e9a98c267 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=EncrP**H6ٕ ]Ɋ& !X6ٕ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4f11a4f5-1bc8-406e-960c-7d4e9a98c267 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rosoH**H6ٕ ]Ɋ& !X6ٕ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4f11a4f5-1bc8-406e-960c-7d4e9a98c267 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=secuH**H6ٕ ]Ɋ& !X6ٕ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4f11a4f5-1bc8-406e-960c-7d4e9a98c267 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RoH**6ٕ ]Ɋ& !6ٕ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4f11a4f5-1bc8-406e-960c-7d4e9a98c267 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5e5b7a20-9051-4c1e-8943-0a0b04bf50ca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oft**6ٕ ]Ɋ& !6ٕ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4f11a4f5-1bc8-406e-960c-7d4e9a98c267 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5e5b7a20-9051-4c1e-8943-0a0b04bf50ca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**X̦ٕ ]Ɋ& !X̦ٕ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2ac17413-f771-41c5-ba4a-ad7168ee1087 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l SeX**p̦ٕ ]Ɋ& !X̦ٕ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2ac17413-f771-41c5-ba4a-ad7168ee1087 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Conp**h̦ٕ ]Ɋ& !X̦ٕ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2ac17413-f771-41c5-ba4a-ad7168ee1087 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fih**`̦ٕ ]Ɋ& !X̦ٕ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2ac17413-f771-41c5-ba4a-ad7168ee1087 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nd`**`̦ٕ ]Ɋ& !X̦ٕ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2ac17413-f771-41c5-ba4a-ad7168ee1087 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng`**`̦ٕ ]Ɋ& !X̦ٕ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2ac17413-f771-41c5-ba4a-ad7168ee1087 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b`**̦ٕ ]Ɋ& !̦ٕ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2ac17413-f771-41c5-ba4a-ad7168ee1087 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b635eac2-8b93-4a50-b078-91c90acbca9d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=T**̦ٕ ]Ɋ& !̦ٕ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2ac17413-f771-41c5-ba4a-ad7168ee1087 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b635eac2-8b93-4a50-b078-91c90acbca9d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Cu**(̦ٕ ]Ɋ& !X̦ٕ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e8afc6b9-5db0-4f30-82e5-8241613c0f63 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2(**@̦ٕ ]Ɋ& !X̦ٕ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e8afc6b9-5db0-4f30-82e5-8241613c0f63 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4@**@̦ٕ ]Ɋ& !X̦ٕ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e8afc6b9-5db0-4f30-82e5-8241613c0f63 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=|@**8̦ٕ ]Ɋ& !X̦ٕ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e8afc6b9-5db0-4f30-82e5-8241613c0f63 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**8̦ٕ ]Ɋ& !X̦ٕ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e8afc6b9-5db0-4f30-82e5-8241613c0f63 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, 8**8̦ٕ ]Ɋ& !X̦ٕ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e8afc6b9-5db0-4f30-82e5-8241613c0f63 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ur8**̦ٕ ]Ɋ& !̦ٕ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e8afc6b9-5db0-4f30-82e5-8241613c0f63 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=9f4a38fd-1e26-4e79-8769-52f3d26aa31c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= g**c?ٕ ]Ɋ& !c?ٕ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e8afc6b9-5db0-4f30-82e5-8241613c0f63 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=9f4a38fd-1e26-4e79-8769-52f3d26aa31c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVe**X& ٕ ]Ɋ& !X& ٕ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1b07600f-3f4b-4a87-8c3d-2f27275077db HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**p& ٕ ]Ɋ& !X& ٕ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1b07600f-3f4b-4a87-8c3d-2f27275077db HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**p& ٕ ]Ɋ& !X& ٕ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1b07600f-3f4b-4a87-8c3d-2f27275077db HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=as p**h& ٕ ]Ɋ& !X& ٕ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1b07600f-3f4b-4a87-8c3d-2f27275077db HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Conh**h& ٕ ]Ɋ& !X& ٕ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1b07600f-3f4b-4a87-8c3d-2f27275077db HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=995h**h& ٕ ]Ɋ& !X& ٕ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1b07600f-3f4b-4a87-8c3d-2f27275077db HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Ch**& ٕ ]Ɋ&  !& ٕ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1b07600f-3f4b-4a87-8c3d-2f27275077db HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b6da735b-654b-428e-839d-1a74b91c184e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=im**ٕ ]Ɋ& !ٕ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1b07600f-3f4b-4a87-8c3d-2f27275077db HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b6da735b-654b-428e-839d-1a74b91c184e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S'))**ٕ ]Ɋ& '!Xٕ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5130bdad-74ec-4082-b238-2d3603ecb5d0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(n-US')))}} | ]Ɋ& dOXٕ F&=4.0 RunspaceId=99922451-1693-431f-989a-f51a744437c1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=va0able Previ ]Ɋ& os'v F&on=4.0 HostId=a6641ec8-66a6-4702-a308-aae4dd4f0560 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9eb3e739-f30e-4126-a0c9-79339dd44c29 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 XH ǎmO*ElfChnk0\mMQMu=VysMc&&** ٕ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !Xٕ F&F%g>9{p(xlMD EventDatauoData !BinaryEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5130bdad-74ec-4082-b238-2d3603ecb5d0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pt **ٕ ]Ɋ& ;!Xٕ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5130bdad-74ec-4082-b238-2d3603ecb5d0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stV**ٕ ]Ɋ& 3!Xٕ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5130bdad-74ec-4082-b238-2d3603ecb5d0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mma**ٕ ]Ɋ& 3!Xٕ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5130bdad-74ec-4082-b238-2d3603ecb5d0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.0**ٕ ]Ɋ& 5!Xٕ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5130bdad-74ec-4082-b238-2d3603ecb5d0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma**0ٕ ]Ɋ& !ٕ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5130bdad-74ec-4082-b238-2d3603ecb5d0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4b61ef1e-d8da-4e0e-869b-1d0594565031 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI0**@S:ٕ ]Ɋ& !S:ٕ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5130bdad-74ec-4082-b238-2d3603ecb5d0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4b61ef1e-d8da-4e0e-869b-1d0594565031 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand@**~= ]Ɋ& )!X~= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=872c0ce7-7d76-4379-bd36-248190e877de HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**~= ]Ɋ& A!X~= F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=872c0ce7-7d76-4379-bd36-248190e877de HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ntiv**~= ]Ɋ& =!X~= F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=872c0ce7-7d76-4379-bd36-248190e877de HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-**~= ]Ɋ& 5!X~= F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=872c0ce7-7d76-4379-bd36-248190e877de HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=88**~= ]Ɋ& 5!X~= F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=872c0ce7-7d76-4379-bd36-248190e877de HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um**~= ]Ɋ& 7!X~= F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=872c0ce7-7d76-4379-bd36-248190e877de HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0~= ]Ɋ& !~= F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=872c0ce7-7d76-4379-bd36-248190e877de HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c5c17b8e-a598-45b6-a03c-eb2fb41076f7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@= ]Ɋ& != F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=872c0ce7-7d76-4379-bd36-248190e877de HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c5c17b8e-a598-45b6-a03c-eb2fb41076f7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= @**X= ]Ɋ& !X= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d799e650-671d-490e-bfce-ec7d5dc60d7b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==X**p= ]Ɋ& !X= F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d799e650-671d-490e-bfce-ec7d5dc60d7b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6p**h= ]Ɋ& !X= F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d799e650-671d-490e-bfce-ec7d5dc60d7b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`= ]Ɋ& !X= F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d799e650-671d-490e-bfce-ec7d5dc60d7b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`= ]Ɋ& !X= F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d799e650-671d-490e-bfce-ec7d5dc60d7b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h= ]Ɋ& !X= F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d799e650-671d-490e-bfce-ec7d5dc60d7b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!h**= ]Ɋ&  != F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d799e650-671d-490e-bfce-ec7d5dc60d7b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b28a7387-50ae-43c2-a288-581788dd050f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**= ]Ɋ& != F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d799e650-671d-490e-bfce-ec7d5dc60d7b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b28a7387-50ae-43c2-a288-581788dd050f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8Gw= ]Ɋ& !XGw= F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=eafd327a-dfef-42ee-b282-bdbd86ff4380 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**PGw= ]Ɋ& !XGw= F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=eafd327a-dfef-42ee-b282-bdbd86ff4380 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**PGw= ]Ɋ& !XGw= F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=eafd327a-dfef-42ee-b282-bdbd86ff4380 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**HGw= ]Ɋ& !XGw= F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=eafd327a-dfef-42ee-b282-bdbd86ff4380 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HGw= ]Ɋ& !XGw= F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=eafd327a-dfef-42ee-b282-bdbd86ff4380 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HGw= ]Ɋ& !XGw= F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=eafd327a-dfef-42ee-b282-bdbd86ff4380 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Gw= ]Ɋ& !Gw= F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=eafd327a-dfef-42ee-b282-bdbd86ff4380 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e6c26eb6-d918-449f-8320-29e20272de5c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=****Gw= ]Ɋ& !Gw= F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=eafd327a-dfef-42ee-b282-bdbd86ff4380 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e6c26eb6-d918-449f-8320-29e20272de5c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**XGw= ]Ɋ& !XGw= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d07fec05-038a-4ac7-b911-9f40fa63ba8f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nginX**pGw= ]Ɋ& !XGw= F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d07fec05-038a-4ac7-b911-9f40fa63ba8f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izatp**hGw= ]Ɋ& !XGw= F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d07fec05-038a-4ac7-b911-9f40fa63ba8f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leh**`Gw= ]Ɋ& !XGw= F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d07fec05-038a-4ac7-b911-9f40fa63ba8f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H`**`Gw= ]Ɋ& !XGw= F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d07fec05-038a-4ac7-b911-9f40fa63ba8f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er`**`Gw= ]Ɋ& !XGw= F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d07fec05-038a-4ac7-b911-9f40fa63ba8f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**Gw= ]Ɋ& !Gw= F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d07fec05-038a-4ac7-b911-9f40fa63ba8f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=297c3e9a-919b-407a-9144-154e4910f446 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**Gw= ]Ɋ& !Gw= F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d07fec05-038a-4ac7-b911-9f40fa63ba8f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=297c3e9a-919b-407a-9144-154e4910f446 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ver**(= ]Ɋ& !X= F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d3107054-4a4c-4136-a1e7-097f47eeae6b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(**@= ]Ɋ& !X= F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d3107054-4a4c-4136-a1e7-097f47eeae6b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l@**@= ]Ɋ& !X= F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d3107054-4a4c-4136-a1e7-097f47eeae6b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= en@**8= ]Ɋ& !X= F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d3107054-4a4c-4136-a1e7-097f47eeae6b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ted8**8= ]Ɋ& !X= F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d3107054-4a4c-4136-a1e7-097f47eeae6b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=& 8**8= ]Ɋ& !X= F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d3107054-4a4c-4136-a1e7-097f47eeae6b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in8**= ]Ɋ& != F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d3107054-4a4c-4136-a1e7-097f47eeae6b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=d01bc024-292b-43c2-a540-42eebae5bac7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='i**t= ]Ɋ& !t= F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d3107054-4a4c-4136-a1e7-097f47eeae6b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=d01bc024-292b-43c2-a540-42eebae5bac7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= | f**X8r= ]Ɋ& !X8r= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6acbe3ea-e6a4-47e8-9206-f38ff5ae89ad HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**p8r= ]Ɋ& !X8r= F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6acbe3ea-e6a4-47e8-9206-f38ff5ae89ad HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=op**p8r= ]Ɋ& !X8r= F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6acbe3ea-e6a4-47e8-9206-f38ff5ae89ad HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e,Dp**h8r= ]Ɋ& !X8r= F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6acbe3ea-e6a4-47e8-9206-f38ff5ae89ad HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nabhd | Out-Stri ]Ɋ& d=X8r= F&dd44c29 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 XH ǎmO*ElfChnk!!hmXMu=VysMc&&**h 8r= ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! K!X8r= F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6acbe3ea-e6a4-47e8-9206-f38ff5ae89ad HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h **h8r= ]Ɋ& !X8r= F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6acbe3ea-e6a4-47e8-9206-f38ff5ae89ad HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh**8r= ]Ɋ&  !8r= F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6acbe3ea-e6a4-47e8-9206-f38ff5ae89ad HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=701f6a85-dec7-48e3-b356-6df30b909188 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H** = ]Ɋ& ! = F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6acbe3ea-e6a4-47e8-9206-f38ff5ae89ad HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=701f6a85-dec7-48e3-b356-6df30b909188 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name** = ]Ɋ& '!X = F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=577721fd-ac69-44fd-a9ef-9745054a3a56 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m** = ]Ɋ& ?!X = F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=577721fd-ac69-44fd-a9ef-9745054a3a56 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=w** = ]Ɋ& ;!X = F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=577721fd-ac69-44fd-a9ef-9745054a3a56 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=481** = ]Ɋ& 3!X = F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=577721fd-ac69-44fd-a9ef-9745054a3a56 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** = ]Ɋ& 3!X = F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=577721fd-ac69-44fd-a9ef-9745054a3a56 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=190** = ]Ɋ& 5!X = F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=577721fd-ac69-44fd-a9ef-9745054a3a56 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0 = ]Ɋ& ! = F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=577721fd-ac69-44fd-a9ef-9745054a3a56 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=8dcafcb0-8bb7-456c-8f0c-8e5ebfb47ec8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ro0**@e= ]Ɋ& !e= F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=577721fd-ac69-44fd-a9ef-9745054a3a56 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=8dcafcb0-8bb7-456c-8f0c-8e5ebfb47ec8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**u ]Ɋ& )!Xu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e1d6213b-1299-4a14-8754-0e3d066507a6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= **u ]Ɋ& A!Xu F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e1d6213b-1299-4a14-8754-0e3d066507a6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=line**u ]Ɋ& =!Xu F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e1d6213b-1299-4a14-8754-0e3d066507a6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= |**u ]Ɋ& 5!Xu F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e1d6213b-1299-4a14-8754-0e3d066507a6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt**u ]Ɋ& 5!Xu F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e1d6213b-1299-4a14-8754-0e3d066507a6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**u ]Ɋ& 7!Xu F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e1d6213b-1299-4a14-8754-0e3d066507a6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0  ]Ɋ& !  F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e1d6213b-1299-4a14-8754-0e3d066507a6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8a5d06ad-aee8-4148-a08b-954f4a28df0d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@ ]Ɋ& ! F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e1d6213b-1299-4a14-8754-0e3d066507a6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8a5d06ad-aee8-4148-a08b-954f4a28df0d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te=@**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=21e04aec-4d8b-4c8a-a11b-08852ebaed90 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=21e04aec-4d8b-4c8a-a11b-08852ebaed90 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=menp**h ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=21e04aec-4d8b-4c8a-a11b-08852ebaed90 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rh**` ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=21e04aec-4d8b-4c8a-a11b-08852ebaed90 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e`**` ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=21e04aec-4d8b-4c8a-a11b-08852ebaed90 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**h ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=21e04aec-4d8b-4c8a-a11b-08852ebaed90 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateh** M? ]Ɋ&  !M?  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=21e04aec-4d8b-4c8a-a11b-08852ebaed90 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=836caf18-2ad0-4c48-999e-5ffd9b01827c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host** M? ]Ɋ& !M?  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=21e04aec-4d8b-4c8a-a11b-08852ebaed90 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=836caf18-2ad0-4c48-999e-5ffd9b01827c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**8 M? ]Ɋ& !XM?  F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ccff383c-10c2-4650-8bd2-426aa3fb1680 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 8**P M? ]Ɋ& !XM?  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ccff383c-10c2-4650-8bd2-426aa3fb1680 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SP**P M? ]Ɋ& !XM?  F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ccff383c-10c2-4650-8bd2-426aa3fb1680 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateP**HM? ]Ɋ& !XM? F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ccff383c-10c2-4650-8bd2-426aa3fb1680 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPH**HM? ]Ɋ& !XM? F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ccff383c-10c2-4650-8bd2-426aa3fb1680 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==RegH**HM? ]Ɋ& !XM? F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ccff383c-10c2-4650-8bd2-426aa3fb1680 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovH**M? ]Ɋ& !M? F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ccff383c-10c2-4650-8bd2-426aa3fb1680 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bf247dce-dea3-44c0-9449-499b4d88afc4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iou**M? ]Ɋ& !M? F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ccff383c-10c2-4650-8bd2-426aa3fb1680 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bf247dce-dea3-44c0-9449-499b4d88afc4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **Xש ]Ɋ& !Xש F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b70bb7e8-4ff8-44a1-946e-b4548d314f35 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FX**pש ]Ɋ& !Xש F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b70bb7e8-4ff8-44a1-946e-b4548d314f35 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ne=p**hש ]Ɋ& !Xש F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b70bb7e8-4ff8-44a1-946e-b4548d314f35 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh**`ש ]Ɋ& !Xש F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b70bb7e8-4ff8-44a1-946e-b4548d314f35 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iz`**`ש ]Ɋ& !Xש F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b70bb7e8-4ff8-44a1-946e-b4548d314f35 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| `**`ש ]Ɋ& !Xש F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b70bb7e8-4ff8-44a1-946e-b4548d314f35 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0`**ש ]Ɋ& !ש F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b70bb7e8-4ff8-44a1-946e-b4548d314f35 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=81f00d82-c353-4478-95ab-ff147b971a09 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**ש ]Ɋ& !ש F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b70bb7e8-4ff8-44a1-946e-b4548d314f35 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=81f00d82-c353-4478-95ab-ff147b971a09 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**(ש ]Ɋ& !Xש F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=19ee14bc-9ad3-418d-bb95-73d6aea73814 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@ש ]Ɋ& !Xש F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=19ee14bc-9ad3-418d-bb95-73d6aea73814 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@ש ]Ɋ& !Xש F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=19ee14bc-9ad3-418d-bb95-73d6aea73814 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wid@**8ש ]Ɋ& !Xש F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=19ee14bc-9ad3-418d-bb95-73d6aea73814 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[Da8**8ש ]Ɋ& !Xש F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=19ee14bc-9ad3-418d-bb95-73d6aea73814 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\Un8**8 ש ]Ɋ& !Xש  F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=19ee14bc-9ad3-418d-bb95-73d6aea73814 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on8**!ש ]Ɋ& !ש! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=19ee14bc-9ad3-418d-bb95-73d6aea73814 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=4cce4e03-075b-4b8e-aae4-5b1e7f54fdbf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id CommandNam ]Ɋ&  zp" F&H ǎmO*ElfChnk"S"SpgDMu=VysMc&&** "zp ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! y!zp" F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=19ee14bc-9ad3-418d-bb95-73d6aea73814 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=4cce4e03-075b-4b8e-aae4-5b1e7f54fdbf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **X#.5 ]Ɋ& !X.5# F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=80dd53e8-5052-4d08-b13c-ff8edd7bde3c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sX**p$.5 ]Ɋ& !X.5$ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=80dd53e8-5052-4d08-b13c-ff8edd7bde3c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=np**p%.5 ]Ɋ& !X.5% F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=80dd53e8-5052-4d08-b13c-ff8edd7bde3c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izep**h&.5 ]Ɋ& !X.5& F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=80dd53e8-5052-4d08-b13c-ff8edd7bde3c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ginh**h'.5 ]Ɋ& !X.5' F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=80dd53e8-5052-4d08-b13c-ff8edd7bde3c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dTyh**h(.5 ]Ɋ& !X.5( F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=80dd53e8-5052-4d08-b13c-ff8edd7bde3c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**).5 ]Ɋ&  !.5) F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=80dd53e8-5052-4d08-b13c-ff8edd7bde3c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e993504c-ecff-476e-8992-8350ba95dd12 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ov***ͯ ]Ɋ& !ͯ* F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=80dd53e8-5052-4d08-b13c-ff8edd7bde3c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e993504c-ecff-476e-8992-8350ba95dd12 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**+ͯ ]Ɋ& '!Xͯ+ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f16d4b57-cb2e-43dc-b8b6-8a90cc011b56 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4**,ͯ ]Ɋ& ?!Xͯ, F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f16d4b57-cb2e-43dc-b8b6-8a90cc011b56 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1**-ͯ ]Ɋ& ;!Xͯ- F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f16d4b57-cb2e-43dc-b8b6-8a90cc011b56 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sta**.ͯ ]Ɋ& 3!Xͯ. F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f16d4b57-cb2e-43dc-b8b6-8a90cc011b56 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id=**/ͯ ]Ɋ& 3!Xͯ/ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f16d4b57-cb2e-43dc-b8b6-8a90cc011b56 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ate**0ͯ ]Ɋ& 5!Xͯ0 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f16d4b57-cb2e-43dc-b8b6-8a90cc011b56 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in**01ͯ ]Ɋ& !ͯ1 F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f16d4b57-cb2e-43dc-b8b6-8a90cc011b56 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=aa245dc8-0973-4a19-a434-b0dcb384d149 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=st0**@2 ]Ɋ& !2 F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f16d4b57-cb2e-43dc-b8b6-8a90cc011b56 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=aa245dc8-0973-4a19-a434-b0dcb384d149 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNam@**3Q ]Ɋ& )!XQ3 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9aac45c5-28b5-4028-8ab5-0321a39b0df0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**4Q ]Ɋ& A!XQ4 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9aac45c5-28b5-4028-8ab5-0321a39b0df0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ant**5Q ]Ɋ& =!XQ5 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9aac45c5-28b5-4028-8ab5-0321a39b0df0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**6Q ]Ɋ& 5!XQ6 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9aac45c5-28b5-4028-8ab5-0321a39b0df0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI**7Q ]Ɋ& 5!XQ7 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9aac45c5-28b5-4028-8ab5-0321a39b0df0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eq**8Q ]Ɋ& 7!XQ8 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9aac45c5-28b5-4028-8ab5-0321a39b0df0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**09Q ]Ɋ& !Q9 F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9aac45c5-28b5-4028-8ab5-0321a39b0df0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=88838652-88e1-4b8b-a4c9-178edb5a1236 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@:~7 ]Ɋ& !~7: F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9aac45c5-28b5-4028-8ab5-0321a39b0df0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=88838652-88e1-4b8b-a4c9-178edb5a1236 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&@**X;~7 ]Ɋ& !X~7; F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4283a01d-f39a-4af7-9eff-b07b0f57f2e9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CX**p<~7 ]Ɋ& !X~7< F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4283a01d-f39a-4af7-9eff-b07b0f57f2e9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==p**h=~7 ]Ɋ& !X~7= F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4283a01d-f39a-4af7-9eff-b07b0f57f2e9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`>~7 ]Ɋ& !X~7> F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4283a01d-f39a-4af7-9eff-b07b0f57f2e9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`?~7 ]Ɋ& !X~7? F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4283a01d-f39a-4af7-9eff-b07b0f57f2e9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h@~7 ]Ɋ& !X~7@ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4283a01d-f39a-4af7-9eff-b07b0f57f2e9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**A~7 ]Ɋ&  !~7A F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4283a01d-f39a-4af7-9eff-b07b0f57f2e9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=246d2481-7c2a-4b4a-8f4f-a647c58f178d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**B~7 ]Ɋ& !~7B F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4283a01d-f39a-4af7-9eff-b07b0f57f2e9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=246d2481-7c2a-4b4a-8f4f-a647c58f178d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ew**8C ]Ɋ& !XC F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c4476455-ca49-4a6c-a0dc-f0451dec7ff2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**PD ]Ɋ& !XD F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c4476455-ca49-4a6c-a0dc-f0451dec7ff2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**PE ]Ɋ& !XE F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c4476455-ca49-4a6c-a0dc-f0451dec7ff2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**HF ]Ɋ& !XF F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c4476455-ca49-4a6c-a0dc-f0451dec7ff2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HG ]Ɋ& !XG F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c4476455-ca49-4a6c-a0dc-f0451dec7ff2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&H**HH ]Ɋ& !XH F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c4476455-ca49-4a6c-a0dc-f0451dec7ff2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**I ]Ɋ& !I F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c4476455-ca49-4a6c-a0dc-f0451dec7ff2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c5c50cd5-9b3c-469f-b732-6676bc817f98 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**J ]Ɋ& !J F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c4476455-ca49-4a6c-a0dc-f0451dec7ff2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c5c50cd5-9b3c-469f-b732-6676bc817f98 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**XK ]Ɋ& !XK F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=723cda84-8ebe-4764-889a-faef67074633 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dPatX**pL ]Ɋ& !XL F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=723cda84-8ebe-4764-889a-faef67074633 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nginp**hM ]Ɋ& !XM F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=723cda84-8ebe-4764-889a-faef67074633 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=alh**`N ]Ɋ& !XN F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=723cda84-8ebe-4764-889a-faef67074633 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fi`**`O ]Ɋ& !XO F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=723cda84-8ebe-4764-889a-faef67074633 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on`**`P ]Ɋ& !XP F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=723cda84-8ebe-4764-889a-faef67074633 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**Q ]Ɋ& !Q F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=723cda84-8ebe-4764-889a-faef67074633 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e4221fa9-a185-4f7e-b642-1dc048357e04 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**R ]Ɋ& !R F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=723cda84-8ebe-4764-889a-faef67074633 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e4221fa9-a185-4f7e-b642-1dc048357e04 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=man**(S ]Ɋ& !XS F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=829d738d-24ee-42c5-b0a2-dd2f2fb20392 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(andType= S ]Ɋ&  XT F&  zp" F&H ǎmO*ElfChnkTT0T-C^EMu=VysMc&&**H T ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! '!XT F&F%g>9{p(xlMD EventDatauoData !BinarytEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=829d738d-24ee-42c5-b0a2-dd2f2fb20392 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptH **@U ]Ɋ& !XU F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=829d738d-24ee-42c5-b0a2-dd2f2fb20392 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eIn@**8V ]Ɋ& !XV F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=829d738d-24ee-42c5-b0a2-dd2f2fb20392 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=isp8**8W ]Ɋ& !XW F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=829d738d-24ee-42c5-b0a2-dd2f2fb20392 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HK8**8X ]Ɋ& !XX F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=829d738d-24ee-42c5-b0a2-dd2f2fb20392 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nc8**Yh ]Ɋ& !hY F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=829d738d-24ee-42c5-b0a2-dd2f2fb20392 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=228b5267-f66c-4129-823c-e4a637f8f867 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**ZB ]Ɋ& !BZ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=829d738d-24ee-42c5-b0a2-dd2f2fb20392 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=228b5267-f66c-4129-823c-e4a637f8f867 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNa**X[o2 ]Ɋ& !Xo2[ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=76f9bdc6-f1ad-44e4-a985-0da9901c22f4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p\o2 ]Ɋ& !Xo2\ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=76f9bdc6-f1ad-44e4-a985-0da9901c22f4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=np**p]o2 ]Ɋ& !Xo2] F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=76f9bdc6-f1ad-44e4-a985-0da9901c22f4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=993p**h^o2 ]Ɋ& !Xo2^ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=76f9bdc6-f1ad-44e4-a985-0da9901c22f4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dTyh**h_o2 ]Ɋ& !Xo2_ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=76f9bdc6-f1ad-44e4-a985-0da9901c22f4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ͯh**h`o2 ]Ɋ& !Xo2` F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=76f9bdc6-f1ad-44e4-a985-0da9901c22f4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**ao2 ]Ɋ&  !o2a F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=76f9bdc6-f1ad-44e4-a985-0da9901c22f4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b5b8ecfd-48aa-48e3-89c3-9912adf42465 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=**b ]Ɋ& !b F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=76f9bdc6-f1ad-44e4-a985-0da9901c22f4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b5b8ecfd-48aa-48e3-89c3-9912adf42465 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wers**cc ]Ɋ& '!Xcc F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a7ba7c47-da5d-4bbe-97da-98a681084082 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**dc ]Ɋ& ?!Xcd F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a7ba7c47-da5d-4bbe-97da-98a681084082 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c**ec ]Ɋ& ;!Xce F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a7ba7c47-da5d-4bbe-97da-98a681084082 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stV**fc ]Ɋ& 3!Xcf F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a7ba7c47-da5d-4bbe-97da-98a681084082 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Com**gc ]Ɋ& 3!Xcg F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a7ba7c47-da5d-4bbe-97da-98a681084082 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ver**hc ]Ɋ& 5!Xch F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a7ba7c47-da5d-4bbe-97da-98a681084082 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **0ic ]Ɋ& !ci F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a7ba7c47-da5d-4bbe-97da-98a681084082 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=893e333b-52bf-4bb0-8161-d6e83f063ff3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f00**@j2 ]Ɋ& !2j F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a7ba7c47-da5d-4bbe-97da-98a681084082 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=893e333b-52bf-4bb0-8161-d6e83f063ff3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==@**kpO ]Ɋ& )!XpOk F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d42a1474-b2e7-4296-a1cf-b231353b9c17 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNam**lpO ]Ɋ& A!XpOl F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d42a1474-b2e7-4296-a1cf-b231353b9c17 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**mpO ]Ɋ& =!XpOm F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d42a1474-b2e7-4296-a1cf-b231353b9c17 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= A**npO ]Ɋ& 5!XpOn F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d42a1474-b2e7-4296-a1cf-b231353b9c17 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**opO ]Ɋ& 5!XpOo F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d42a1474-b2e7-4296-a1cf-b231353b9c17 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI**ppO ]Ɋ& 7!XpOp F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d42a1474-b2e7-4296-a1cf-b231353b9c17 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=q**0qpO ]Ɋ& !pOq F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d42a1474-b2e7-4296-a1cf-b231353b9c17 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=619826dd-5b19-4372-a977-584ed50dbca3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@rO ]Ɋ& !Or F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d42a1474-b2e7-4296-a1cf-b231353b9c17 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=619826dd-5b19-4372-a977-584ed50dbca3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**XsO ]Ɋ& !XOs F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=55903953-7ae4-4626-9cd5-2c25da16f9cb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**ptO ]Ɋ& !XOt F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=55903953-7ae4-4626-9cd5-2c25da16f9cb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**huO ]Ɋ& !XOu F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=55903953-7ae4-4626-9cd5-2c25da16f9cb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`vO ]Ɋ& !XOv F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=55903953-7ae4-4626-9cd5-2c25da16f9cb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`wO ]Ɋ& !XOw F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=55903953-7ae4-4626-9cd5-2c25da16f9cb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hxO ]Ɋ& !XOx F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=55903953-7ae4-4626-9cd5-2c25da16f9cb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leSh**yO ]Ɋ&  !Oy F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=55903953-7ae4-4626-9cd5-2c25da16f9cb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4dbaf54b-4daa-4133-8e85-e370b1e5c861 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Non**zO ]Ɋ& !Oz F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=55903953-7ae4-4626-9cd5-2c25da16f9cb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4dbaf54b-4daa-4133-8e85-e370b1e5c861 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**8{:O ]Ɋ& !X:O{ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=546156e8-d93c-4805-b823-e28cacff109b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s 8**P|:O ]Ɋ& !X:O| F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=546156e8-d93c-4805-b823-e28cacff109b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rNP**P}:O ]Ɋ& !X:O} F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=546156e8-d93c-4805-b823-e28cacff109b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=StaP**H~:O ]Ɋ& !X:O~ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=546156e8-d93c-4805-b823-e28cacff109b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H:O ]Ɋ& !X:O F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=546156e8-d93c-4805-b823-e28cacff109b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H:O ]Ɋ& !X:O F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=546156e8-d93c-4805-b823-e28cacff109b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**:O ]Ɋ& !:O F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=546156e8-d93c-4805-b823-e28cacff109b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a81126fa-8267-4595-96d0-3b3b24e8a0d4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**:O ]Ɋ& !:O F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=546156e8-d93c-4805-b823-e28cacff109b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a81126fa-8267-4595-96d0-3b3b24e8a0d4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X:O ]Ɋ& !X:O F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ff1751be-b4ad-4abc-9c5d-492e02ba35b9 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p:O ]Ɋ& !X:O F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ff1751be-b4ad-4abc-9c5d-492e02ba35b9 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndTyp= ScriptNa ]Ɋ& = X:O F&  XT F&  zp" F&H ǎmO*ElfChnk(x#}RsMu=VysMc&&**p:O ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! M!X:O F&F%g>9{p(xlMD EventDatauoData !BinaryFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ff1751be-b4ad-4abc-9c5d-492e02ba35b9 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=p**`:O ]Ɋ& !X:O F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ff1751be-b4ad-4abc-9c5d-492e02ba35b9 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io`**`:O ]Ɋ& !X:O F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ff1751be-b4ad-4abc-9c5d-492e02ba35b9 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=le`**`:O ]Ɋ& !X:O F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ff1751be-b4ad-4abc-9c5d-492e02ba35b9 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H`**:O ]Ɋ& !:O F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ff1751be-b4ad-4abc-9c5d-492e02ba35b9 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=799460b2-d98a-426f-a5ec-25d40b598a22 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**:O ]Ɋ& !:O F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ff1751be-b4ad-4abc-9c5d-492e02ba35b9 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=799460b2-d98a-426f-a5ec-25d40b598a22 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ila**(+O ]Ɋ& !X+O F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6e47cab7-17e0-40ce-a219-944aca6c742d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@+O ]Ɋ& !X+O F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6e47cab7-17e0-40ce-a219-944aca6c742d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@+O ]Ɋ& !X+O F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6e47cab7-17e0-40ce-a219-944aca6c742d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h 6@**8+O ]Ɋ& !X+O F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6e47cab7-17e0-40ce-a219-944aca6c742d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eTi8**8+O ]Ɋ& !X+O F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6e47cab7-17e0-40ce-a219-944aca6c742d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nst8**8+O ]Ɋ& !X+O F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6e47cab7-17e0-40ce-a219-944aca6c742d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.08**+O ]Ɋ& !+O F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6e47cab7-17e0-40ce-a219-944aca6c742d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=3d13deaa-ead3-454a-be3e-1b070b5d91f9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **kO ]Ɋ& !kO F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6e47cab7-17e0-40ce-a219-944aca6c742d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=3d13deaa-ead3-454a-be3e-1b070b5d91f9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o2**XO ]Ɋ& !XO F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e5d697e1-2667-4d2f-8108-0169402fee1c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pO ]Ɋ& !XO F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e5d697e1-2667-4d2f-8108-0169402fee1c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cp**pO ]Ɋ& !XO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e5d697e1-2667-4d2f-8108-0169402fee1c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Comp**hO ]Ɋ& !XO F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e5d697e1-2667-4d2f-8108-0169402fee1c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ih**hO ]Ɋ& !XO F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e5d697e1-2667-4d2f-8108-0169402fee1c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!h**hO ]Ɋ& !XO F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e5d697e1-2667-4d2f-8108-0169402fee1c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=meh**5O ]Ɋ&  !5O F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e5d697e1-2667-4d2f-8108-0169402fee1c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=551984be-154d-4116-b47d-1c94167be69d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI**5O ]Ɋ& !5O F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e5d697e1-2667-4d2f-8108-0169402fee1c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=551984be-154d-4116-b47d-1c94167be69d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= . |**O ]Ɋ& '!XO F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cce8099b-e213-4a19-8c9b-506aa0f14616 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**O ]Ɋ& ?!XO F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cce8099b-e213-4a19-8c9b-506aa0f14616 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**O ]Ɋ& ;!XO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cce8099b-e213-4a19-8c9b-506aa0f14616 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=53b**O ]Ɋ& 3!XO F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cce8099b-e213-4a19-8c9b-506aa0f14616 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&**O ]Ɋ& 3!XO F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cce8099b-e213-4a19-8c9b-506aa0f14616 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b9c**O ]Ɋ& 5!XO F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cce8099b-e213-4a19-8c9b-506aa0f14616 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0O ]Ɋ& !O F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cce8099b-e213-4a19-8c9b-506aa0f14616 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e7a16679-4998-4952-afec-ba693b38b210 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=le0**@fO ]Ɋ& !fO F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cce8099b-e213-4a19-8c9b-506aa0f14616 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e7a16679-4998-4952-afec-ba693b38b210 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**4 ]Ɋ& )!X4 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a862a8d1-7b4f-4438-b0ec-45209107aabf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Com**4 ]Ɋ& A!X4 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a862a8d1-7b4f-4438-b0ec-45209107aabf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id= **4 ]Ɋ& =!X4 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a862a8d1-7b4f-4438-b0ec-45209107aabf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ut**4 ]Ɋ& 5!X4 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a862a8d1-7b4f-4438-b0ec-45209107aabf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2 **4 ]Ɋ& 5!X4 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a862a8d1-7b4f-4438-b0ec-45209107aabf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ca**4 ]Ɋ& 7!X4 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a862a8d1-7b4f-4438-b0ec-45209107aabf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**04 ]Ɋ& !4 F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a862a8d1-7b4f-4438-b0ec-45209107aabf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=da93bcb8-0486-4dd6-bebf-20c4b75e3e5e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t0**@)E5 ]Ɋ& !)E5 F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a862a8d1-7b4f-4438-b0ec-45209107aabf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=da93bcb8-0486-4dd6-bebf-20c4b75e3e5e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=top@**X5 ]Ɋ& !X5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7de0a029-2921-4812-a850-1270ca419aaf HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p5 ]Ɋ& !X5 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7de0a029-2921-4812-a850-1270ca419aaf HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stp**h5 ]Ɋ& !X5 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7de0a029-2921-4812-a850-1270ca419aaf HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dh**`5 ]Ɋ& !X5 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7de0a029-2921-4812-a850-1270ca419aaf HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n`**`5 ]Ɋ& !X5 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7de0a029-2921-4812-a850-1270ca419aaf HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P`**h5 ]Ɋ& !X5 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7de0a029-2921-4812-a850-1270ca419aaf HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Stah**5 ]Ɋ&  !5 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7de0a029-2921-4812-a850-1270ca419aaf HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8b0cf467-f072-454e-a9f6-562fda63a89f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**5 ]Ɋ& !5 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7de0a029-2921-4812-a850-1270ca419aaf HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8b0cf467-f072-454e-a9f6-562fda63a89f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**8Vv6 ]Ɋ& !XVv6 F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=133c4ef6-85ea-4b38-8545-6b4688d6af81 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**PVv6 ]Ɋ& !XVv6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=133c4ef6-85ea-4b38-8545-6b4688d6af81 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ueP**PVv6 ]Ɋ& !XVv6 F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=133c4ef6-85ea-4b38-8545-6b4688d6af81 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P  ]Ɋ& F&H ǎXElfChnk0#PZ@lMu=VysMc&&**HVv6 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! )!XVv6 F&F%g>9{p(xlMD EventDatauoData !BinaryvFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=133c4ef6-85ea-4b38-8545-6b4688d6af81 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**HVv6 ]Ɋ& !XVv6 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=133c4ef6-85ea-4b38-8545-6b4688d6af81 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CH**HVv6 ]Ɋ& !XVv6 F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=133c4ef6-85ea-4b38-8545-6b4688d6af81 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ScrH**Vv6 ]Ɋ& !Vv6 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=133c4ef6-85ea-4b38-8545-6b4688d6af81 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9c67913c-2241-4afc-84e1-a957838024e4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C**Vv6 ]Ɋ& !Vv6 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=133c4ef6-85ea-4b38-8545-6b4688d6af81 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9c67913c-2241-4afc-84e1-a957838024e4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**X7 ]Ɋ& !X7 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2126ea0f-f4f4-490f-bcca-f665f41b67b1 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoX**p7 ]Ɋ& !X7 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2126ea0f-f4f4-490f-bcca-f665f41b67b1 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sortp**h7 ]Ɋ& !X7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2126ea0f-f4f4-490f-bcca-f665f41b67b1 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bah**`7 ]Ɋ& !X7 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2126ea0f-f4f4-490f-bcca-f665f41b67b1 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=os`**`7 ]Ɋ& !X7 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2126ea0f-f4f4-490f-bcca-f665f41b67b1 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eq`**`7 ]Ɋ& !X7 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2126ea0f-f4f4-490f-bcca-f665f41b67b1 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**7 ]Ɋ& !7 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2126ea0f-f4f4-490f-bcca-f665f41b67b1 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0637998b-b3fd-483a-ab37-b2374f96c939 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**7 ]Ɋ& !7 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2126ea0f-f4f4-490f-bcca-f665f41b67b1 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0637998b-b3fd-483a-ab37-b2374f96c939 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **(7 ]Ɋ& !X7 F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=52eddf4a-75e2-4a85-bae2-6c9da2338f85 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a(**@7 ]Ɋ& !X7 F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=52eddf4a-75e2-4a85-bae2-6c9da2338f85 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=V@**@7 ]Ɋ& !X7 F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=52eddf4a-75e2-4a85-bae2-6c9da2338f85 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te'@**87 ]Ɋ& !X7 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=52eddf4a-75e2-4a85-bae2-6c9da2338f85 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ent8**87 ]Ɋ& !X7 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=52eddf4a-75e2-4a85-bae2-6c9da2338f85 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t 8**87 ]Ɋ& !X7 F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=52eddf4a-75e2-4a85-bae2-6c9da2338f85 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**7 ]Ɋ& !7 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=52eddf4a-75e2-4a85-bae2-6c9da2338f85 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=68ad293a-77f9-4f6d-83fd-43a163f7ba06 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pe**7 ]Ɋ& !7 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=52eddf4a-75e2-4a85-bae2-6c9da2338f85 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=68ad293a-77f9-4f6d-83fd-43a163f7ba06 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ated**XFq9 ]Ɋ& !XFq9 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ccadfafe-1c27-4b5c-8eee-e2bb28c3e740 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pFq9 ]Ɋ& !XFq9 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ccadfafe-1c27-4b5c-8eee-e2bb28c3e740 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**pFq9 ]Ɋ& !XFq9 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ccadfafe-1c27-4b5c-8eee-e2bb28c3e740 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ultp**hFq9 ]Ɋ& !XFq9 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ccadfafe-1c27-4b5c-8eee-e2bb28c3e740 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dthh**hFq9 ]Ɋ& !XFq9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ccadfafe-1c27-4b5c-8eee-e2bb28c3e740 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**hFq9 ]Ɋ& !XFq9 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ccadfafe-1c27-4b5c-8eee-e2bb28c3e740 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nah**Fq9 ]Ɋ&  !Fq9 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ccadfafe-1c27-4b5c-8eee-e2bb28c3e740 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=65ea485d-f0e3-4e24-9af0-c151ddf64b42 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** : ]Ɋ& ! : F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ccadfafe-1c27-4b5c-8eee-e2bb28c3e740 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=65ea485d-f0e3-4e24-9af0-c151ddf64b42 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ber=** : ]Ɋ& '!X : F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=699f0d88-350e-4096-90e5-51ec072a9452 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n** : ]Ɋ& ?!X : F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=699f0d88-350e-4096-90e5-51ec072a9452 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ** : ]Ɋ& ;!X : F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=699f0d88-350e-4096-90e5-51ec072a9452 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** : ]Ɋ& 3!X : F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=699f0d88-350e-4096-90e5-51ec072a9452 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ou** : ]Ɋ& 3!X : F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=699f0d88-350e-4096-90e5-51ec072a9452 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cti** : ]Ɋ& 5!X : F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=699f0d88-350e-4096-90e5-51ec072a9452 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= -**0 : ]Ɋ& ! : F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=699f0d88-350e-4096-90e5-51ec072a9452 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=c0225df6-7927-4177-97ff-17db988da932 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te0**@ ;; ]Ɋ& ! ;; F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=699f0d88-350e-4096-90e5-51ec072a9452 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=c0225df6-7927-4177-97ff-17db988da932 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8-04@**> ]Ɋ& )!X> F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=01726f1f-6d17-4df9-9fa1-77e8431f3d80 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oduc**> ]Ɋ& A!X> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=01726f1f-6d17-4df9-9fa1-77e8431f3d80 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mIns**> ]Ɋ& =!X> F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=01726f1f-6d17-4df9-9fa1-77e8431f3d80 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-2**> ]Ɋ& 5!X> F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=01726f1f-6d17-4df9-9fa1-77e8431f3d80 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=**> ]Ɋ& 5!X> F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=01726f1f-6d17-4df9-9fa1-77e8431f3d80 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ov**> ]Ɋ& 7!X> F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=01726f1f-6d17-4df9-9fa1-77e8431f3d80 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0> ]Ɋ& !> F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=01726f1f-6d17-4df9-9fa1-77e8431f3d80 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6df802cf-3772-4309-9e55-43665246143e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@k  ]Ɋ& !k  F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=01726f1f-6d17-4df9-9fa1-77e8431f3d80 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6df802cf-3772-4309-9e55-43665246143e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Com@**Xk  ]Ɋ& !Xk  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7d397bc5-e73d-4e39-8139-d78f58e9ee5d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=linX**pk  ]Ɋ& !Xk  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7d397bc5-e73d-4e39-8139-d78f58e9ee5d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manp**hk  ]Ɋ& !Xk  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7d397bc5-e73d-4e39-8139-d78f58e9ee5d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rh**`k  ]Ɋ& !Xk  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7d397bc5-e73d-4e39-8139-d78f58e9ee5d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& Xk  F&XElfChnk჈CZMu=VysMc&&**hk  ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! G!Xk  F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7d397bc5-e73d-4e39-8139-d78f58e9ee5d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hk  ]Ɋ& !Xk  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7d397bc5-e73d-4e39-8139-d78f58e9ee5d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**k  ]Ɋ&  !k  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7d397bc5-e73d-4e39-8139-d78f58e9ee5d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c4452485-00ca-4928-94d6-88cf3f9f7ab9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FӸ**k  ]Ɋ& !k  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7d397bc5-e73d-4e39-8139-d78f58e9ee5d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c4452485-00ca-4928-94d6-88cf3f9f7ab9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**8k  ]Ɋ& !Xk  F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=20268bda-fd3c-4258-aa02-52a7e50a4c9a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**Pk  ]Ɋ& !Xk  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=20268bda-fd3c-4258-aa02-52a7e50a4c9a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Pk  ]Ɋ& !Xk  F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=20268bda-fd3c-4258-aa02-52a7e50a4c9a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Hk  ]Ɋ& !Xk  F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=20268bda-fd3c-4258-aa02-52a7e50a4c9a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&H**Hk  ]Ɋ& !Xk  F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=20268bda-fd3c-4258-aa02-52a7e50a4c9a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Hk  ]Ɋ& !Xk  F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=20268bda-fd3c-4258-aa02-52a7e50a4c9a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==H**k  ]Ɋ& !k  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=20268bda-fd3c-4258-aa02-52a7e50a4c9a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=945d8a33-db29-4411-a2c2-e82390f8e79b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**k  ]Ɋ& !k  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=20268bda-fd3c-4258-aa02-52a7e50a4c9a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=945d8a33-db29-4411-a2c2-e82390f8e79b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Xł ]Ɋ& !Xł F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=44a4202f-1cbe-4af6-a717-349219c06f3e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me= X**pł ]Ɋ& !Xł F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=44a4202f-1cbe-4af6-a717-349219c06f3e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-lasp**hł ]Ɋ& !Xł F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=44a4202f-1cbe-4af6-a717-349219c06f3e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[Sh**`ł ]Ɋ& !Xł F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=44a4202f-1cbe-4af6-a717-349219c06f3e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-U`**`ł ]Ɋ& !Xł F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=44a4202f-1cbe-4af6-a717-349219c06f3e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`ł ]Ɋ& !Xł F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=44a4202f-1cbe-4af6-a717-349219c06f3e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t`**ł ]Ɋ& !ł F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=44a4202f-1cbe-4af6-a717-349219c06f3e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=127fcf31-668f-49bd-9192-af745575b0ae PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**ł ]Ɋ& !ł F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=44a4202f-1cbe-4af6-a717-349219c06f3e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=127fcf31-668f-49bd-9192-af745575b0ae PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dPa**(ł ]Ɋ& !Xł F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=241132b1-5507-4a7e-a232-50c37c27f3c2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a(**@ł ]Ɋ& !Xł F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=241132b1-5507-4a7e-a232-50c37c27f3c2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f@**@ł ]Ɋ& !Xł F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=241132b1-5507-4a7e-a232-50c37c27f3c2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ert@**8ł ]Ɋ& !Xł F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=241132b1-5507-4a7e-a232-50c37c27f3c2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Wow8**8ł ]Ɋ& !Xł F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=241132b1-5507-4a7e-a232-50c37c27f3c2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=27-8**8ł ]Ɋ& !Xł F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=241132b1-5507-4a7e-a232-50c37c27f3c2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fu8**ł ]Ɋ& !ł F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=241132b1-5507-4a7e-a232-50c37c27f3c2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=edd9704b-ceba-478d-a79a-e4d953f2470e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nd**\ ]Ɋ& !\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=241132b1-5507-4a7e-a232-50c37c27f3c2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=edd9704b-ceba-478d-a79a-e4d953f2470e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ineV**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fdf1e75b-ca88-4497-9476-632203566686 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fdf1e75b-ca88-4497-9476-632203566686 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ep**p ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fdf1e75b-ca88-4497-9476-632203566686 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=, Ep**h ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fdf1e75b-ca88-4497-9476-632203566686 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cenh**h ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fdf1e75b-ca88-4497-9476-632203566686 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=h**h ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fdf1e75b-ca88-4497-9476-632203566686 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**  ]Ɋ&  !  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fdf1e75b-ca88-4497-9476-632203566686 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ada93902-f360-4f6e-ac5e-b8beb8d5f94d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S** } ]Ɋ& !}  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fdf1e75b-ca88-4497-9476-632203566686 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ada93902-f360-4f6e-ac5e-b8beb8d5f94d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rsio** } ]Ɋ& '!X}  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f24993f3-b776-4adf-a568-789c36c4672d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H** } ]Ɋ& ?!X}  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f24993f3-b776-4adf-a568-789c36c4672d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u** } ]Ɋ& ;!X}  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f24993f3-b776-4adf-a568-789c36c4672d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ne**} ]Ɋ& 3!X} F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f24993f3-b776-4adf-a568-789c36c4672d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **} ]Ɋ& 3!X} F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f24993f3-b776-4adf-a568-789c36c4672d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ewP**} ]Ɋ& 5!X} F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f24993f3-b776-4adf-a568-789c36c4672d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eI**0} ]Ɋ& !} F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f24993f3-b776-4adf-a568-789c36c4672d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=0dfa8361-720f-44df-82f4-f3994c3378a8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me0**@L ]Ɋ& !L F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f24993f3-b776-4adf-a568-789c36c4672d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=0dfa8361-720f-44df-82f4-f3994c3378a8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id= @**nb ]Ɋ& )!Xnb F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=584dbae3-d82c-44ac-aa34-5a2b2a4bde1c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ut-S**nb ]Ɋ& A!Xnb F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=584dbae3-d82c-44ac-aa34-5a2b2a4bde1c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2 -C**nb ]Ɋ& =!Xnb F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=584dbae3-d82c-44ac-aa34-5a2b2a4bde1c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ca**nb ]Ɋ& 5!Xnb F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=584dbae3-d82c-44ac-aa34-5a2b2a4bde1c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on.0 HostId= ]Ɋ& icXnb F&nce -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& Xk  F&XElfChnkGGp\f1Mu=VysMc&&**nb ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !Xnb F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=584dbae3-d82c-44ac-aa34-5a2b2a4bde1c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **nb ]Ɋ& 7!Xnb F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=584dbae3-d82c-44ac-aa34-5a2b2a4bde1c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **0obob ]Ɋ& !obob F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=584dbae3-d82c-44ac-aa34-5a2b2a4bde1c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=acb0d282-a1da-4e4f-98eb-d269155737bf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d0**@ob ]Ɋ& !ob F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=584dbae3-d82c-44ac-aa34-5a2b2a4bde1c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=acb0d282-a1da-4e4f-98eb-d269155737bf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ot/@**Xob ]Ɋ& !Xob F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c139fe57-ccfc-4b9b-b454-b4c20b59b2a9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=werX**pob ]Ɋ& !Xob F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c139fe57-ccfc-4b9b-b454-b4c20b59b2a9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompp**hob ]Ɋ& !Xob F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c139fe57-ccfc-4b9b-b454-b4c20b59b2a9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fh**`ob ]Ɋ& !Xob F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c139fe57-ccfc-4b9b-b454-b4c20b59b2a9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=E`**`ob ]Ɋ& !Xob F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c139fe57-ccfc-4b9b-b454-b4c20b59b2a9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i`**h ob ]Ɋ& !Xob  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c139fe57-ccfc-4b9b-b454-b4c20b59b2a9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ureLh**!ob ]Ɋ&  !ob! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c139fe57-ccfc-4b9b-b454-b4c20b59b2a9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7afed7e9-c357-4a98-b365-b4b6a518f8ad PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=535 **"ob ]Ɋ& !ob" F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c139fe57-ccfc-4b9b-b454-b4c20b59b2a9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7afed7e9-c357-4a98-b365-b4b6a518f8ad PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io**8#pb ]Ɋ& !Xpb# F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8223946d-9e2a-4aa1-9d6c-7ce34ea08756 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yp8**P$pb ]Ɋ& !Xpb$ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8223946d-9e2a-4aa1-9d6c-7ce34ea08756 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNP**P%pb ]Ɋ& !Xpb% F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8223946d-9e2a-4aa1-9d6c-7ce34ea08756 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=EncrP**H&pb ]Ɋ& !Xpb& F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8223946d-9e2a-4aa1-9d6c-7ce34ea08756 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rosoH**H'pb ]Ɋ& !Xpb' F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8223946d-9e2a-4aa1-9d6c-7ce34ea08756 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=secuH**H(pb ]Ɋ& !Xpb( F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8223946d-9e2a-4aa1-9d6c-7ce34ea08756 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RoH**)pb ]Ɋ& !pb) F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8223946d-9e2a-4aa1-9d6c-7ce34ea08756 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=381c56d3-dd61-436b-9f36-99183c0aa2c6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oft***pb ]Ɋ& !pb* F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8223946d-9e2a-4aa1-9d6c-7ce34ea08756 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=381c56d3-dd61-436b-9f36-99183c0aa2c6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**X+pb ]Ɋ& !Xpb+ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5ccf8084-d5ad-4f81-80e6-5d800d3a9eb6 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l SeX**p,pb ]Ɋ& !Xpb, F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5ccf8084-d5ad-4f81-80e6-5d800d3a9eb6 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Conp**h-pb ]Ɋ& !Xpb- F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5ccf8084-d5ad-4f81-80e6-5d800d3a9eb6 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fih**`.pb ]Ɋ& !Xpb. F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5ccf8084-d5ad-4f81-80e6-5d800d3a9eb6 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nd`**`/pb ]Ɋ& !Xpb/ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5ccf8084-d5ad-4f81-80e6-5d800d3a9eb6 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng`**`0pb ]Ɋ& !Xpb0 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5ccf8084-d5ad-4f81-80e6-5d800d3a9eb6 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b`**1pb ]Ɋ& !pb1 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5ccf8084-d5ad-4f81-80e6-5d800d3a9eb6 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6e7b67fa-f318-4468-ac53-c97d5fea9816 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=T**22,qb ]Ɋ& !2,qb2 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5ccf8084-d5ad-4f81-80e6-5d800d3a9eb6 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6e7b67fa-f318-4468-ac53-c97d5fea9816 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Cu**(32,qb ]Ɋ& !X2,qb3 F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6f3e5038-5b54-4182-a38c-343220d8a28e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e(**@42,qb ]Ɋ& !X2,qb4 F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6f3e5038-5b54-4182-a38c-343220d8a28e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4@**@52,qb ]Ɋ& !X2,qb5 F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6f3e5038-5b54-4182-a38c-343220d8a28e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**862,qb ]Ɋ& !X2,qb6 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6f3e5038-5b54-4182-a38c-343220d8a28e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**872,qb ]Ɋ& !X2,qb7 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6f3e5038-5b54-4182-a38c-343220d8a28e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, 8**882,qb ]Ɋ& !X2,qb8 F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6f3e5038-5b54-4182-a38c-343220d8a28e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ur8**92,qb ]Ɋ& !2,qb9 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6f3e5038-5b54-4182-a38c-343220d8a28e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=2be8b9fc-7139-4f2b-bfa9-a261a56f9287 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= g**:qb ]Ɋ& !qb: F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6f3e5038-5b54-4182-a38c-343220d8a28e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=2be8b9fc-7139-4f2b-bfa9-a261a56f9287 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVe**X;sb ]Ɋ& !Xsb; F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=66447a12-4f00-4aed-80c6-4a56dcf31322 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**p<sb ]Ɋ& !Xsb< F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=66447a12-4f00-4aed-80c6-4a56dcf31322 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**p=sb ]Ɋ& !Xsb= F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=66447a12-4f00-4aed-80c6-4a56dcf31322 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=as p**h>sb ]Ɋ& !Xsb> F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=66447a12-4f00-4aed-80c6-4a56dcf31322 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Conh**h?sb ]Ɋ& !Xsb? F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=66447a12-4f00-4aed-80c6-4a56dcf31322 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c36h**h@sb ]Ɋ& !Xsb@ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=66447a12-4f00-4aed-80c6-4a56dcf31322 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Ch**Asb ]Ɋ&  !sbA F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=66447a12-4f00-4aed-80c6-4a56dcf31322 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5475ef1a-610c-4885-a783-e89cd502d750 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=im**Bsb ]Ɋ& !sbB F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=66447a12-4f00-4aed-80c6-4a56dcf31322 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5475ef1a-610c-4885-a783-e89cd502d750 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S'))**C#'tb ]Ɋ& '!X#'tbC F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0a491d89-ad24-45e8-873b-7970f83ae4ea HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**D#'tb ]Ɋ& ?!X#'tbD F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0a491d89-ad24-45e8-873b-7970f83ae4ea HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=G**E#'tb ]Ɋ& ;!X#'tbE F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0a491d89-ad24-45e8-873b-7970f83ae4ea HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **F#'tb ]Ɋ& 3!X#'tbF F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0a491d89-ad24-45e8-873b-7970f83ae4ea HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion**G#'tb ]Ɋ& 3!X#'tbG F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0a491d89-ad24-45e8-873b-7970f83ae4ea HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoandLine= ]Ɋ& X#'tbH F& F&nce -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& Xk  F&XElfChnkHyHyp(4Mu=VysMc&&** H#'tb ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X#'tbH F&F%g>9{p(xlMD EventDatauoData !BinaryVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0a491d89-ad24-45e8-873b-7970f83ae4ea HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=44a **0I#'tb ]Ɋ& !#'tbI F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0a491d89-ad24-45e8-873b-7970f83ae4ea HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4bc39df6-f16c-4268-a05c-7c7b94d27340 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@Jtb ]Ɋ& !tbJ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0a491d89-ad24-45e8-873b-7970f83ae4ea HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4bc39df6-f16c-4268-a05c-7c7b94d27340 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H@**Ke% ]Ɋ& )!Xe%K F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ab1bfeda-80f1-4590-b9b9-33912721c156 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Con**Le% ]Ɋ& A!Xe%L F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ab1bfeda-80f1-4590-b9b9-33912721c156 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m **Me% ]Ɋ& =!Xe%M F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ab1bfeda-80f1-4590-b9b9-33912721c156 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Ne% ]Ɋ& 5!Xe%N F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ab1bfeda-80f1-4590-b9b9-33912721c156 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Oe% ]Ɋ& 5!Xe%O F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ab1bfeda-80f1-4590-b9b9-33912721c156 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **Pe% ]Ɋ& 7!Xe%P F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ab1bfeda-80f1-4590-b9b9-33912721c156 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0Qe% ]Ɋ& !e%Q F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ab1bfeda-80f1-4590-b9b9-33912721c156 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4e3547c7-a58e-4330-be1e-d4347f75ce8d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S0**@R ]Ɋ& !R F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ab1bfeda-80f1-4590-b9b9-33912721c156 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4e3547c7-a58e-4330-be1e-d4347f75ce8d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r2 @**XSV ]Ɋ& !XVS F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=921dd2d5-7ae8-4b4f-9d5d-db1894899b14 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompX**pTV ]Ɋ& !XVT F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=921dd2d5-7ae8-4b4f-9d5d-db1894899b14 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl p**hUV ]Ɋ& !XVU F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=921dd2d5-7ae8-4b4f-9d5d-db1894899b14 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lh**`VV ]Ɋ& !XVV F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=921dd2d5-7ae8-4b4f-9d5d-db1894899b14 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u`**`WV ]Ɋ& !XVW F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=921dd2d5-7ae8-4b4f-9d5d-db1894899b14 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a`**hXV ]Ɋ& !XVX F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=921dd2d5-7ae8-4b4f-9d5d-db1894899b14 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Quich**YV ]Ɋ&  !VY F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=921dd2d5-7ae8-4b4f-9d5d-db1894899b14 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=343def20-51f2-48aa-a45f-ebb78a647b30 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion=**ZV ]Ɋ& !VZ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=921dd2d5-7ae8-4b4f-9d5d-db1894899b14 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=343def20-51f2-48aa-a45f-ebb78a647b30 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**8[V ]Ɋ& !XV[ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2778a39d-dc4a-455c-9ed6-35cd456f06a6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ou8**P\V ]Ɋ& !XV\ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2778a39d-dc4a-455c-9ed6-35cd456f06a6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ypP**P]V ]Ɋ& !XV] F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2778a39d-dc4a-455c-9ed6-35cd456f06a6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNamP**H^V ]Ɋ& !XV^ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2778a39d-dc4a-455c-9ed6-35cd456f06a6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yptiH**H_V ]Ɋ& !XV_ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2778a39d-dc4a-455c-9ed6-35cd456f06a6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ftVoH**H`V ]Ɋ& !XV` F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2778a39d-dc4a-455c-9ed6-35cd456f06a6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ritH**aV ]Ɋ& !Va F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2778a39d-dc4a-455c-9ed6-35cd456f06a6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6a043b75-fffd-49a7-b339-a61ec153d324 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion**b( ]Ɋ& !(b F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2778a39d-dc4a-455c-9ed6-35cd456f06a6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6a043b75-fffd-49a7-b339-a61ec153d324 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**Xc( ]Ɋ& !X(c F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d2583b12-b707-4b16-9e5b-b60add5d9f24 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-US;X**pd( ]Ɋ& !X(d F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d2583b12-b707-4b16-9e5b-b60add5d9f24 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ostVp**he( ]Ɋ& !X(e F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d2583b12-b707-4b16-9e5b-b60add5d9f24 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=edh**`f( ]Ɋ& !X(f F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d2583b12-b707-4b16-9e5b-b60add5d9f24 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=*`**`g( ]Ɋ& !X(g F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d2583b12-b707-4b16-9e5b-b60add5d9f24 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ru`**`h( ]Ɋ& !X(h F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d2583b12-b707-4b16-9e5b-b60add5d9f24 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**i( ]Ɋ& !(i F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d2583b12-b707-4b16-9e5b-b60add5d9f24 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9988fc78-2058-49de-98a7-460d93701a6d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**j( ]Ɋ& !(j F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d2583b12-b707-4b16-9e5b-b60add5d9f24 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9988fc78-2058-49de-98a7-460d93701a6d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Get**(k( ]Ɋ& !X(k F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c5d3b91d-3b99-4ac1-9a82-4d35654692d0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2(**@l( ]Ɋ& !X(l F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c5d3b91d-3b99-4ac1-9a82-4d35654692d0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4@**@m( ]Ɋ& !X(m F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c5d3b91d-3b99-4ac1-9a82-4d35654692d0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**8n( ]Ɋ& !X(n F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c5d3b91d-3b99-4ac1-9a82-4d35654692d0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C8**8o( ]Ɋ& !X(o F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c5d3b91d-3b99-4ac1-9a82-4d35654692d0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bal8**8p( ]Ɋ& !X(p F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c5d3b91d-3b99-4ac1-9a82-4d35654692d0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in8**q( ]Ɋ& !(q F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c5d3b91d-3b99-4ac1-9a82-4d35654692d0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=fe685260-0a50-4d7b-8fb8-eabf101ab53b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=RE**r ]Ɋ& !r F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c5d3b91d-3b99-4ac1-9a82-4d35654692d0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=fe685260-0a50-4d7b-8fb8-eabf101ab53b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**Xs꟭ ]Ɋ& !X꟭s F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=223d96c9-e951-486a-82d9-18354167238c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4X**pt꟭ ]Ɋ& !X꟭t F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=223d96c9-e951-486a-82d9-18354167238c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1p**pu꟭ ]Ɋ& !X꟭u F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=223d96c9-e951-486a-82d9-18354167238c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stap**hv꟭ ]Ɋ& !X꟭v F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=223d96c9-e951-486a-82d9-18354167238c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVh**hw꟭ ]Ɋ& !X꟭w F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=223d96c9-e951-486a-82d9-18354167238c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Apph**hx꟭ ]Ɋ& !X꟭x F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=223d96c9-e951-486a-82d9-18354167238c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| h**y ]Ɋ&  !y F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=223d96c9-e951-486a-82d9-18354167238c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e6dd31ac-4a5b-4f2c-bdbd-376166f5ab02 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sbe.properties ]Ɋ& Cuz F&n-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoandLine= ]Ɋ& X#'tbH F& F&nce -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& Xk  F&XElfChnkzzx ?Mu=VysMc&&** z ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !z F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=223d96c9-e951-486a-82d9-18354167238c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e6dd31ac-4a5b-4f2c-bdbd-376166f5ab02 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **{F ]Ɋ& '!XF{ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=33b9ec7c-e40d-4696-9f39-fda6af016907 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**|F ]Ɋ& ?!XF| F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=33b9ec7c-e40d-4696-9f39-fda6af016907 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**}F ]Ɋ& ;!XF} F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=33b9ec7c-e40d-4696-9f39-fda6af016907 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**~F ]Ɋ& 3!XF~ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=33b9ec7c-e40d-4696-9f39-fda6af016907 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**F ]Ɋ& 3!XF F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=33b9ec7c-e40d-4696-9f39-fda6af016907 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ica**F ]Ɋ& 5!XF F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=33b9ec7c-e40d-4696-9f39-fda6af016907 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0F ]Ɋ& !F F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=33b9ec7c-e40d-4696-9f39-fda6af016907 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=1821c63b-e007-460a-a373-eb9f81774d8f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ow0**@ܳ ]Ɋ& !ܳ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=33b9ec7c-e40d-4696-9f39-fda6af016907 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=1821c63b-e007-460a-a373-eb9f81774d8f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**@**I  ]Ɋ& )!XI  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=85a28779-6a13-4554-bbcc-324eaf423db5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mman**I  ]Ɋ& A!XI  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=85a28779-6a13-4554-bbcc-324eaf423db5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-wid**I  ]Ɋ& =!XI  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=85a28779-6a13-4554-bbcc-324eaf423db5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iv**I  ]Ɋ& 5!XI  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=85a28779-6a13-4554-bbcc-324eaf423db5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l **I  ]Ɋ& 5!XI  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=85a28779-6a13-4554-bbcc-324eaf423db5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==9**I  ]Ɋ& 7!XI  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=85a28779-6a13-4554-bbcc-324eaf423db5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0I  ]Ɋ& !I  F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=85a28779-6a13-4554-bbcc-324eaf423db5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0de9cd82-77b8-4818-a9d4-97c4acfa5198 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@J  ]Ɋ& !J  F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=85a28779-6a13-4554-bbcc-324eaf423db5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0de9cd82-77b8-4818-a9d4-97c4acfa5198 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**Xz ]Ɋ& !Xz F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c25dda72-51be-4e4e-b0e4-0e204c8162d7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pz ]Ɋ& !Xz F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c25dda72-51be-4e4e-b0e4-0e204c8162d7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hz ]Ɋ& !Xz F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c25dda72-51be-4e4e-b0e4-0e204c8162d7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`z ]Ɋ& !Xz F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c25dda72-51be-4e4e-b0e4-0e204c8162d7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`z ]Ɋ& !Xz F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c25dda72-51be-4e4e-b0e4-0e204c8162d7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S`**hz ]Ɋ& !Xz F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c25dda72-51be-4e4e-b0e4-0e204c8162d7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ineSh**z ]Ɋ&  !z F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c25dda72-51be-4e4e-b0e4-0e204c8162d7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cdfa1c44-a646-4180-8a16-0725cee4a4e1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ped **z ]Ɋ& !z F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c25dda72-51be-4e4e-b0e4-0e204c8162d7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cdfa1c44-a646-4180-8a16-0725cee4a4e1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rt**8z ]Ɋ& !Xz F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c91087da-ed9b-45d8-b163-d5755a5f3a13 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nm8**Pz ]Ɋ& !Xz F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c91087da-ed9b-45d8-b163-d5755a5f3a13 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idP**Pz ]Ɋ& !Xz F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c91087da-ed9b-45d8-b163-d5755a5f3a13 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tartP**Hz ]Ɋ& !Xz F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c91087da-ed9b-45d8-b163-d5755a5f3a13 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ReH**Hz ]Ɋ& !Xz F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c91087da-ed9b-45d8-b163-d5755a5f3a13 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH**Hz ]Ɋ& !Xz F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c91087da-ed9b-45d8-b163-d5755a5f3a13 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**z ]Ɋ& !z F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c91087da-ed9b-45d8-b163-d5755a5f3a13 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0e2f06df-cba1-4d2d-bc60-b15cc7dd4827 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!**z ]Ɋ& !z F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c91087da-ed9b-45d8-b163-d5755a5f3a13 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0e2f06df-cba1-4d2d-bc60-b15cc7dd4827 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Xw ]Ɋ& !Xw F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f5c8989e-afe5-4a7c-a883-5de4e3e0d8a9 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommaX**pw ]Ɋ& !Xw F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f5c8989e-afe5-4a7c-a883-5de4e3e0d8a9 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ect p**hw ]Ɋ& !Xw F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f5c8989e-afe5-4a7c-a883-5de4e3e0d8a9 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rth**`w ]Ɋ& !Xw F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f5c8989e-afe5-4a7c-a883-5de4e3e0d8a9 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on`**`w ]Ɋ& !Xw F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f5c8989e-afe5-4a7c-a883-5de4e3e0d8a9 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=`**`w ]Ɋ& !Xw F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f5c8989e-afe5-4a7c-a883-5de4e3e0d8a9 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**w ]Ɋ& !w F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f5c8989e-afe5-4a7c-a883-5de4e3e0d8a9 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7297bf2b-4399-42bb-87d9-b50586ece856 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**w ]Ɋ& !w F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f5c8989e-afe5-4a7c-a883-5de4e3e0d8a9 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7297bf2b-4399-42bb-87d9-b50586ece856 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b **( ]Ɋ& !X F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7e5de46a-cb53-4ee2-984d-6883316044a9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4(**@ ]Ɋ& !X F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7e5de46a-cb53-4ee2-984d-6883316044a9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a@**@ ]Ɋ& !X F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7e5de46a-cb53-4ee2-984d-6883316044a9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nin@**8 ]Ɋ& !X F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7e5de46a-cb53-4ee2-984d-6883316044a9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion8**8 ]Ɋ& !X F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7e5de46a-cb53-4ee2-984d-6883316044a9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8 ]Ɋ& !X F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7e5de46a-cb53-4ee2-984d-6883316044a9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== 8** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7e5de46a-cb53-4ee2-984d-6883316044a9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=a08e85dd-4a4e-4d7a-b87d-0dd69f68c95d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ge**D ]Ɋ& !D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7e5de46a-cb53-4ee2-984d-6883316044a9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=a08e85dd-4a4e-4d7a-b87d-0dd69f68c95d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te';**Xh ]Ɋ& !Xh F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=029f9b1b-723c-4581-81f6-b98473aeebe0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**ph ]Ɋ& !Xh F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=029f9b1b-723c-4581-81f6-b98473aeebe0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=epproductState ]Ɋ& unXh F&andName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& Xk  F&XElfChnkiQ:m&Mu=VysMc&&**p h ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! S!Xh F&F%g>9{p(xlMD EventDatauoData !BinaryFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=029f9b1b-723c-4581-81f6-b98473aeebe0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p **hh ]Ɋ& !Xh F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=029f9b1b-723c-4581-81f6-b98473aeebe0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hh ]Ɋ& !Xh F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=029f9b1b-723c-4581-81f6-b98473aeebe0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hh ]Ɋ& !Xh F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=029f9b1b-723c-4581-81f6-b98473aeebe0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tah**h ]Ɋ&  !h F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=029f9b1b-723c-4581-81f6-b98473aeebe0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e4b11144-f6ef-49ca-9d5f-89c5e684f005 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=af** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=029f9b1b-723c-4581-81f6-b98473aeebe0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e4b11144-f6ef-49ca-9d5f-89c5e684f005 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e,De** ]Ɋ& '!X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ac2d979e-c33e-453d-8eac-45342105694d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t** ]Ɋ& ?!X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ac2d979e-c33e-453d-8eac-45342105694d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i** ]Ɋ& ;!X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ac2d979e-c33e-453d-8eac-45342105694d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=hel** ]Ɋ& 3!X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ac2d979e-c33e-453d-8eac-45342105694d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** ]Ɋ& 3!X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ac2d979e-c33e-453d-8eac-45342105694d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ll ** ]Ɋ& 5!X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ac2d979e-c33e-453d-8eac-45342105694d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0 ]Ɋ& ! F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ac2d979e-c33e-453d-8eac-45342105694d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=5240d6ee-5d69-461d-9a85-cf7c451f9f26 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng0**@? ]Ɋ& !? F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ac2d979e-c33e-453d-8eac-45342105694d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=5240d6ee-5d69-461d-9a85-cf7c451f9f26 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**[t ]Ɋ& )!X[t F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c2eae1c0-9d05-4119-a2dd-80a004722f7d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**[t ]Ɋ& A!X[t F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c2eae1c0-9d05-4119-a2dd-80a004722f7d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **[t ]Ɋ& =!X[t F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c2eae1c0-9d05-4119-a2dd-80a004722f7d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**[t ]Ɋ& 5!X[t F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c2eae1c0-9d05-4119-a2dd-80a004722f7d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl**[t ]Ɋ& 5!X[t F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c2eae1c0-9d05-4119-a2dd-80a004722f7d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **[t ]Ɋ& 7!X[t F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c2eae1c0-9d05-4119-a2dd-80a004722f7d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4**0[t ]Ɋ& ![t F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c2eae1c0-9d05-4119-a2dd-80a004722f7d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b30c1655-7287-46c2-8331-ee929b9b0b82 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=40**@t ]Ɋ& !t F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c2eae1c0-9d05-4119-a2dd-80a004722f7d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b30c1655-7287-46c2-8331-ee929b9b0b82 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ila@**X%t ]Ɋ& !X%t F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=abc15a13-1385-413a-8027-abf1486524e4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ProX**p%t ]Ɋ& !X%t F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=abc15a13-1385-413a-8027-abf1486524e4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt p**h%t ]Ɋ& !X%t F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=abc15a13-1385-413a-8027-abf1486524e4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sh**`%t ]Ɋ& !X%t F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=abc15a13-1385-413a-8027-abf1486524e4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d`**`%t ]Ɋ& !X%t F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=abc15a13-1385-413a-8027-abf1486524e4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c`**h%t ]Ɋ& !X%t F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=abc15a13-1385-413a-8027-abf1486524e4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hh**%t ]Ɋ&  !%t F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=abc15a13-1385-413a-8027-abf1486524e4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=37e410d5-da32-4293-8d8f-2aed66971636 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=87da**%t ]Ɋ& !%t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=abc15a13-1385-413a-8027-abf1486524e4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=37e410d5-da32-4293-8d8f-2aed66971636 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=16**8%t ]Ɋ& !X%t F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d0b4c833-805e-4863-a713-4da8bc5a323c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=si8**P%t ]Ɋ& !X%t F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d0b4c833-805e-4863-a713-4da8bc5a323c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leP**P%t ]Ɋ& !X%t F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d0b4c833-805e-4863-a713-4da8bc5a323c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HoP**H%t ]Ɋ& !X%t F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d0b4c833-805e-4863-a713-4da8bc5a323c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eNumH**H%t ]Ɋ& !X%t F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d0b4c833-805e-4863-a713-4da8bc5a323c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**H%t ]Ɋ& !X%t F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d0b4c833-805e-4863-a713-4da8bc5a323c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ateH**%t ]Ɋ& !%t F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d0b4c833-805e-4863-a713-4da8bc5a323c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9a3c0a1a-8a19-4106-bcfa-bfbcb44b5c28 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ber**%t ]Ɋ& !%t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d0b4c833-805e-4863-a713-4da8bc5a323c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9a3c0a1a-8a19-4106-bcfa-bfbcb44b5c28 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **X%t ]Ɋ& !X%t F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=413bb90e-b164-43a6-9512-6d5f5816a75e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rNamX**p%t ]Ɋ& !X%t F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=413bb90e-b164-43a6-9512-6d5f5816a75e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h%t ]Ɋ& !X%t F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=413bb90e-b164-43a6-9512-6d5f5816a75e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**`%t ]Ɋ& !X%t F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=413bb90e-b164-43a6-9512-6d5f5816a75e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=('`**`%t ]Ɋ& !X%t F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=413bb90e-b164-43a6-9512-6d5f5816a75e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ti`**`%t ]Ɋ& !X%t F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=413bb90e-b164-43a6-9512-6d5f5816a75e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8`**%t ]Ɋ& !%t F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=413bb90e-b164-43a6-9512-6d5f5816a75e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=489912dc-af98-447c-a4a4-7dabcc748361 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N**%t ]Ɋ& !%t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=413bb90e-b164-43a6-9512-6d5f5816a75e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=489912dc-af98-447c-a4a4-7dabcc748361 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lab**(Rt ]Ɋ& !XRt F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f5fc5bf7-472a-4dcf-8716-f0a3182b6537 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@Rt ]Ɋ& !XRt F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f5fc5bf7-472a-4dcf-8716-f0a3182b6537 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@Rt ]Ɋ& !XRt F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f5fc5bf7-472a-4dcf-8716-f0a3182b6537 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ace@**8Rt ]Ɋ& !XRt F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f5fc5bf7-472a-4dcf-8716-f0a3182b6537 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=es[8nstalldate'] ]Ɋ& etXRt F&imatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=epproductState ]Ɋ& unXh F&andName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& Xk  F&XElfChnkpg:Mu=VysMc&&**8 Rt ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !XRt F&F%g>9{p(xlMD EventDatauoData !BinaryhRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f5fc5bf7-472a-4dcf-8716-f0a3182b6537 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8 **8Rt ]Ɋ& !XRt F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f5fc5bf7-472a-4dcf-8716-f0a3182b6537 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=In8**Rt ]Ɋ& !Rt F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f5fc5bf7-472a-4dcf-8716-f0a3182b6537 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=d39030a1-0d70-45a9-90e4-397f82de9acc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=WA**Vt ]Ɋ& !Vt F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f5fc5bf7-472a-4dcf-8716-f0a3182b6537 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=d39030a1-0d70-45a9-90e4-397f82de9acc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=po**X t ]Ɋ& !X t F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=88b5b736-2532-4e45-9e2f-97c12f655072 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iX**p t ]Ɋ& !X t F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=88b5b736-2532-4e45-9e2f-97c12f655072 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bp**p t ]Ɋ& !X t F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=88b5b736-2532-4e45-9e2f-97c12f655072 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hp**h t ]Ɋ& !X t F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=88b5b736-2532-4e45-9e2f-97c12f655072 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hh**h t ]Ɋ& !X t F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=88b5b736-2532-4e45-9e2f-97c12f655072 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erNh**h t ]Ɋ& !X t F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=88b5b736-2532-4e45-9e2f-97c12f655072 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dBh** t ]Ɋ&  ! t F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=88b5b736-2532-4e45-9e2f-97c12f655072 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=76b3e64b-0da8-454f-b334-4d765cb27f1d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**Ct ]Ɋ& !Ct F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=88b5b736-2532-4e45-9e2f-97c12f655072 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=76b3e64b-0da8-454f-b334-4d765cb27f1d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=gine**Ct ]Ɋ& '!XCt F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=29d1ed3b-4ed2-4587-8bda-57b8a525ed40 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g**Ct ]Ɋ& ?!XCt F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=29d1ed3b-4ed2-4587-8bda-57b8a525ed40 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6**Ct ]Ɋ& ;!XCt F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=29d1ed3b-4ed2-4587-8bda-57b8a525ed40 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Ct ]Ɋ& 3!XCt F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=29d1ed3b-4ed2-4587-8bda-57b8a525ed40 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rsh**Ct ]Ɋ& 3!XCt F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=29d1ed3b-4ed2-4587-8bda-57b8a525ed40 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Ct ]Ɋ& 5!XCt F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=29d1ed3b-4ed2-4587-8bda-57b8a525ed40 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=re**0Ct ]Ɋ& !Ct F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=29d1ed3b-4ed2-4587-8bda-57b8a525ed40 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=ab5fbc62-76f9-4cad-a204-6422e7a7ba10 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@Qt ]Ɋ& !Qt F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=29d1ed3b-4ed2-4587-8bda-57b8a525ed40 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=ab5fbc62-76f9-4cad-a204-6422e7a7ba10 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t/Se@**f6} ]Ɋ& )!Xf6} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e076d81a-5da0-4e14-9901-00dd25b57df9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=027-**f6} ]Ɋ& A!Xf6} F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e076d81a-5da0-4e14-9901-00dd25b57df9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=C**f6} ]Ɋ& =!Xf6} F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e076d81a-5da0-4e14-9901-00dd25b57df9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **f6} ]Ɋ& 5!Xf6} F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e076d81a-5da0-4e14-9901-00dd25b57df9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**f6} ]Ɋ& 5!Xf6} F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e076d81a-5da0-4e14-9901-00dd25b57df9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=%**f6} ]Ɋ& 7!Xf6} F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e076d81a-5da0-4e14-9901-00dd25b57df9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=T**0f6} ]Ɋ& !f6} F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e076d81a-5da0-4e14-9901-00dd25b57df9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5e366f34-a5e4-45f2-b08d-15e1c529496a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=50**@8} ]Ɋ& !8} F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e076d81a-5da0-4e14-9901-00dd25b57df9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5e366f34-a5e4-45f2-b08d-15e1c529496a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e |@**X8} ]Ɋ& !X8} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fe787e6c-ec0b-4a25-a5bb-bcbbd3e66c47 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pdaX**p8} ]Ɋ& !X8} F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fe787e6c-ec0b-4a25-a5bb-bcbbd3e66c47 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nEnp**h8} ]Ɋ& !X8} F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fe787e6c-ec0b-4a25-a5bb-bcbbd3e66c47 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=th**`8} ]Ɋ& !X8} F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fe787e6c-ec0b-4a25-a5bb-bcbbd3e66c47 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`8} ]Ɋ& !X8} F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fe787e6c-ec0b-4a25-a5bb-bcbbd3e66c47 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i`**h8} ]Ɋ& !X8} F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fe787e6c-ec0b-4a25-a5bb-bcbbd3e66c47 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ruh**8} ]Ɋ&  !8} F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fe787e6c-ec0b-4a25-a5bb-bcbbd3e66c47 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3db5c6fb-dc16-40c8-872d-fb27f596ec6b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Pipe**8} ]Ɋ& !8} F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fe787e6c-ec0b-4a25-a5bb-bcbbd3e66c47 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3db5c6fb-dc16-40c8-872d-fb27f596ec6b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mm**8)8} ]Ɋ& !X)8} F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4bad1d0c-d0a6-4974-a31d-73d41fd09440 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=el8**P)8} ]Ɋ& !X)8} F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4bad1d0c-d0a6-4974-a31d-73d41fd09440 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=unP**P)8} ]Ɋ& !X)8} F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4bad1d0c-d0a6-4974-a31d-73d41fd09440 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=gineP**H)8} ]Ɋ& !X)8} F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4bad1d0c-d0a6-4974-a31d-73d41fd09440 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h 65H**H)8} ]Ɋ& !X)8} F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4bad1d0c-d0a6-4974-a31d-73d41fd09440 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=StriH**H)8} ]Ɋ& !X)8} F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4bad1d0c-d0a6-4974-a31d-73d41fd09440 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oluH** )8} ]Ɋ& !)8}  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4bad1d0c-d0a6-4974-a31d-73d41fd09440 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0ec761b7-2e34-4d04-b571-0fa57e7f0fd8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=553** )8} ]Ɋ& !)8}  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4bad1d0c-d0a6-4974-a31d-73d41fd09440 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0ec761b7-2e34-4d04-b571-0fa57e7f0fd8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**X )8} ]Ɋ& !X)8}  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=217980e3-3e58-4da4-b621-e2d4031cf4a0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=arseX**p )8} ]Ɋ& !X)8}  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=217980e3-3e58-4da4-b621-e2d4031cf4a0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hp**h )8} ]Ɋ& !X)8}  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=217980e3-3e58-4da4-b621-e2d4031cf4a0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eqh**`)8} ]Ɋ& !X)8} F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=217980e3-3e58-4da4-b621-e2d4031cf4a0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`)8} ]Ɋ& !X)8} F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=217980e3-3e58-4da4-b621-e2d4031cf4a0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ri`**`)8} ]Ɋ& !X)8} F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=217980e3-3e58-4da4-b621-e2d4031cf4a0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`ElfChnkAA`&sMu=VysMc&&**)8} ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !)8} F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=217980e3-3e58-4da4-b621-e2d4031cf4a0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=74a4ceb7-737b-4644-91dc-6e5c11370c3f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**)8} ]Ɋ& !)8} F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=217980e3-3e58-4da4-b621-e2d4031cf4a0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=74a4ceb7-737b-4644-91dc-6e5c11370c3f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 **()8} ]Ɋ& !X)8} F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bde06947-b88c-45d7-9eb4-e62885e3f8d1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@)8} ]Ɋ& !X)8} F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bde06947-b88c-45d7-9eb4-e62885e3f8d1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@)8} ]Ɋ& !X)8} F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bde06947-b88c-45d7-9eb4-e62885e3f8d1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= | @**8)8} ]Ɋ& !X)8} F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bde06947-b88c-45d7-9eb4-e62885e3f8d1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Se8**8)8} ]Ɋ& !X)8} F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bde06947-b88c-45d7-9eb4-e62885e3f8d1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erS8**8)8} ]Ɋ& !X)8} F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bde06947-b88c-45d7-9eb4-e62885e3f8d1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H8**79} ]Ɋ& !79} F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bde06947-b88c-45d7-9eb4-e62885e3f8d1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=2b5f10a6-fb76-43a0-a689-acdc46649b84 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=si**V9} ]Ɋ& !V9} F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bde06947-b88c-45d7-9eb4-e62885e3f8d1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=2b5f10a6-fb76-43a0-a689-acdc46649b84 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=obal**X;} ]Ɋ& !X;} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=510ba9e6-71d9-4c81-a477-b066d829f7ea HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**p;} ]Ɋ& !X;} F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=510ba9e6-71d9-4c81-a477-b066d829f7ea HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.p**p;} ]Ɋ& !X;} F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=510ba9e6-71d9-4c81-a477-b066d829f7ea HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e.pp**h;} ]Ɋ& !X;} F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=510ba9e6-71d9-4c81-a477-b066d829f7ea HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n.Ch**h;} ]Ɋ& !X;} F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=510ba9e6-71d9-4c81-a477-b066d829f7ea HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=655h**h ;} ]Ɋ& !X;}  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=510ba9e6-71d9-4c81-a477-b066d829f7ea HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pah**!;} ]Ɋ&  !;}! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=510ba9e6-71d9-4c81-a477-b066d829f7ea HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=642384ec-9d7f-4ce5-98d7-9df5ba3295fa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**";} ]Ɋ& !;}" F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=510ba9e6-71d9-4c81-a477-b066d829f7ea HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=642384ec-9d7f-4ce5-98d7-9df5ba3295fa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ider**#2<} ]Ɋ& '!X2<}# F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=886fe241-67d0-486a-8f81-eca0b4f98072 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**$2<} ]Ɋ& ?!X2<}$ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=886fe241-67d0-486a-8f81-eca0b4f98072 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**%2<} ]Ɋ& ;!X2<}% F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=886fe241-67d0-486a-8f81-eca0b4f98072 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**&2<} ]Ɋ& 3!X2<}& F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=886fe241-67d0-486a-8f81-eca0b4f98072 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ati**'2<} ]Ɋ& 3!X2<}' F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=886fe241-67d0-486a-8f81-eca0b4f98072 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(2<} ]Ɋ& 5!X2<}( F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=886fe241-67d0-486a-8f81-eca0b4f98072 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**0)2<} ]Ɋ& !2<}) F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=886fe241-67d0-486a-8f81-eca0b4f98072 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=7f3821ec-f2d4-4566-816c-0ae8bddaf526 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av0**@*G<} ]Ɋ& !G<}* F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=886fe241-67d0-486a-8f81-eca0b4f98072 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=7f3821ec-f2d4-4566-816c-0ae8bddaf526 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stri@**+Yp ]Ɋ& )!XYp+ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=83c58ea1-5473-41da-b90e-5b8a851ee1bc HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tanc**,Yp ]Ɋ& A!XYp, F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=83c58ea1-5473-41da-b90e-5b8a851ee1bc HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b-4a**-Yp ]Ɋ& =!XYp- F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=83c58ea1-5473-41da-b90e-5b8a851ee1bc HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **.Yp ]Ɋ& 5!XYp. F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=83c58ea1-5473-41da-b90e-5b8a851ee1bc HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**/Yp ]Ɋ& 5!XYp/ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=83c58ea1-5473-41da-b90e-5b8a851ee1bc HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0Yp ]Ɋ& 7!XYp0 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=83c58ea1-5473-41da-b90e-5b8a851ee1bc HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**01Yp ]Ɋ& !Yp1 F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=83c58ea1-5473-41da-b90e-5b8a851ee1bc HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=eee64282-d546-4f70-a003-f0d19be1458b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m0**@2q ]Ɋ& !q2 F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=83c58ea1-5473-41da-b90e-5b8a851ee1bc HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=eee64282-d546-4f70-a003-f0d19be1458b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= P@**X3q ]Ɋ& !Xq3 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dde50484-3619-4860-961c-2408ca265037 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.0X**p4q ]Ɋ& !Xq4 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dde50484-3619-4860-961c-2408ca265037 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=inep**h5q ]Ɋ& !Xq5 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dde50484-3619-4860-961c-2408ca265037 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Rh**`6q ]Ɋ& !Xq6 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dde50484-3619-4860-961c-2408ca265037 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**`7q ]Ɋ& !Xq7 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dde50484-3619-4860-961c-2408ca265037 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=I`**h8q ]Ɋ& !Xq8 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dde50484-3619-4860-961c-2408ca265037 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nameh**9q ]Ɋ&  !q9 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dde50484-3619-4860-961c-2408ca265037 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=30e7f148-5743-4de8-8470-6d6c767235f8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand**:q ]Ɋ& !q: F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dde50484-3619-4860-961c-2408ca265037 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=30e7f148-5743-4de8-8470-6d6c767235f8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8;#r ]Ɋ& !X#r; F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e9e6b353-cae3-4976-9fc5-8ed13125599e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sc8**P<#r ]Ɋ& !X#r< F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e9e6b353-cae3-4976-9fc5-8ed13125599e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SP**P=#r ]Ɋ& !X#r= F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e9e6b353-cae3-4976-9fc5-8ed13125599e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== P**H>#r ]Ɋ& !X#r> F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e9e6b353-cae3-4976-9fc5-8ed13125599e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eId=H**H?#r ]Ɋ& !X#r? F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e9e6b353-cae3-4976-9fc5-8ed13125599e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d= H**H@#r ]Ɋ& !X#r@ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e9e6b353-cae3-4976-9fc5-8ed13125599e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RH**A#r ]Ɋ& !#rA F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e9e6b353-cae3-4976-9fc5-8ed13125599e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0e4d5df5-ee58-45b3-9390-f1aab2e9132f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= mmandName=  ]Ɋ& CommandPath= Comm#rElfChnkBqBqHWrMu=VysMc&&**B#r ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !#rB F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e9e6b353-cae3-4976-9fc5-8ed13125599e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0e4d5df5-ee58-45b3-9390-f1aab2e9132f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in**XC#r ]Ɋ& !X#rC F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0afbc9f3-694b-466a-9e76-b451e495e50a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ComX**pD#r ]Ɋ& !X#rD F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0afbc9f3-694b-466a-9e76-b451e495e50a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allep**hE#r ]Ɋ& !X#rE F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0afbc9f3-694b-466a-9e76-b451e495e50a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='ih**`F#r ]Ɋ& !X#rF F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0afbc9f3-694b-466a-9e76-b451e495e50a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ow`**`G#r ]Ɋ& !X#rG F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0afbc9f3-694b-466a-9e76-b451e495e50a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`H#r ]Ɋ& !X#rH F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0afbc9f3-694b-466a-9e76-b451e495e50a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**I#r ]Ɋ& !#rI F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0afbc9f3-694b-466a-9e76-b451e495e50a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0b60f169-10aa-4a1b-a977-3980c2ab2e44 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**J5r ]Ɋ& !5rJ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0afbc9f3-694b-466a-9e76-b451e495e50a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0b60f169-10aa-4a1b-a977-3980c2ab2e44 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **(K5r ]Ɋ& !X5rK F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dccad612-91b6-463d-ae23-d3ae71313b18 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b(**@L5r ]Ɋ& !X5rL F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dccad612-91b6-463d-ae23-d3ae71313b18 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n@**@M5r ]Ɋ& !X5rM F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dccad612-91b6-463d-ae23-d3ae71313b18 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e]:@**8N5r ]Ɋ& !X5rN F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dccad612-91b6-463d-ae23-d3ae71313b18 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tal8**8O5r ]Ɋ& !X5rO F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dccad612-91b6-463d-ae23-d3ae71313b18 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.08**8P5r ]Ɋ& !X5rP F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dccad612-91b6-463d-ae23-d3ae71313b18 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**Q5r ]Ɋ& !5rQ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dccad612-91b6-463d-ae23-d3ae71313b18 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=290087af-26d3-4108-806a-056b6b28d5da PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **RTs ]Ɋ& !TsR F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dccad612-91b6-463d-ae23-d3ae71313b18 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=290087af-26d3-4108-806a-056b6b28d5da PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=trin**XSu ]Ɋ& !XuS F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cb7163c9-1817-43cc-9249-c4450c5d8cfa HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pTu ]Ɋ& !XuT F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cb7163c9-1817-43cc-9249-c4450c5d8cfa HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**pUu ]Ɋ& !XuU F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cb7163c9-1817-43cc-9249-c4450c5d8cfa HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Culp**hVu ]Ɋ& !XuV F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cb7163c9-1817-43cc-9249-c4450c5d8cfa HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Obh**hWu ]Ɋ& !XuW F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cb7163c9-1817-43cc-9249-c4450c5d8cfa HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Pih**hXu ]Ɋ& !XuX F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cb7163c9-1817-43cc-9249-c4450c5d8cfa HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ath**Yu ]Ɋ&  !uY F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cb7163c9-1817-43cc-9249-c4450c5d8cfa HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b4b41ea1-1760-472d-99f9-09ed621a4e3e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Z&u ]Ɋ& !&uZ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cb7163c9-1817-43cc-9249-c4450c5d8cfa HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b4b41ea1-1760-472d-99f9-09ed621a4e3e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ame=**[&u ]Ɋ& '!X&u[ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=adf2fce5-7bad-4a98-b65c-7ba2b2d36258 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **\&u ]Ɋ& ?!X&u\ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=adf2fce5-7bad-4a98-b65c-7ba2b2d36258 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**]&u ]Ɋ& ;!X&u] F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=adf2fce5-7bad-4a98-b65c-7ba2b2d36258 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed**^&u ]Ɋ& 3!X&u^ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=adf2fce5-7bad-4a98-b65c-7ba2b2d36258 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=th **_&u ]Ɋ& 3!X&u_ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=adf2fce5-7bad-4a98-b65c-7ba2b2d36258 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rov**`&u ]Ɋ& 5!X&u` F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=adf2fce5-7bad-4a98-b65c-7ba2b2d36258 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=En**0a&u ]Ɋ& !&ua F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=adf2fce5-7bad-4a98-b65c-7ba2b2d36258 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=17b30a32-acba-415a-96e9-3347d8fc197d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=en0**@bOv ]Ɋ& !Ovb F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=adf2fce5-7bad-4a98-b65c-7ba2b2d36258 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=17b30a32-acba-415a-96e9-3347d8fc197d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-f0d@**cRD ]Ɋ& )!XRDc F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6747244a-0c37-44f6-847d-e836a97212b7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayNa**dRD ]Ɋ& A!XRDd F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6747244a-0c37-44f6-847d-e836a97212b7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pace**eRD ]Ɋ& =!XRDe F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6747244a-0c37-44f6-847d-e836a97212b7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=24**fRD ]Ɋ& 5!XRDf F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6747244a-0c37-44f6-847d-e836a97212b7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C**gRD ]Ɋ& 5!XRDg F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6747244a-0c37-44f6-847d-e836a97212b7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr**hRD ]Ɋ& 7!XRDh F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6747244a-0c37-44f6-847d-e836a97212b7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0iG%SD ]Ɋ& !G%SDi F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6747244a-0c37-44f6-847d-e836a97212b7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=30dc056b-7395-4732-8866-04bbe59829bc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@jݽSD ]Ɋ& !ݽSDj F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6747244a-0c37-44f6-847d-e836a97212b7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=30dc056b-7395-4732-8866-04bbe59829bc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm@**XkݽSD ]Ɋ& !XݽSDk F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7020fa14-9c7c-4ec6-8784-d8d21fe302cf HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNaX**plݽSD ]Ɋ& !XݽSDl F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7020fa14-9c7c-4ec6-8784-d8d21fe302cf HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNp**hmݽSD ]Ɋ& !XݽSDm F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7020fa14-9c7c-4ec6-8784-d8d21fe302cf HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**`nݽSD ]Ɋ& !XݽSDn F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7020fa14-9c7c-4ec6-8784-d8d21fe302cf HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`oݽSD ]Ɋ& !XݽSDo F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7020fa14-9c7c-4ec6-8784-d8d21fe302cf HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**hpݽSD ]Ɋ& !XݽSDp F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7020fa14-9c7c-4ec6-8784-d8d21fe302cf HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@h**qݽSD ]Ɋ&  !ݽSDq F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7020fa14-9c7c-4ec6-8784-d8d21fe302cf HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=04cca6c1-5951-40b2-a9a6-2f0bec7119fc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!#r ]Ɋ& attVTDr F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7020fa14-9c7c-4ec6-8784-d8d21fe302cf HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=04cca6c1-5951-40b2-a9a6-2f0bec7119fc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnkrr@iMu=VysMc&&**rtVTD ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !tVTDr F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7020fa14-9c7c-4ec6-8784-d8d21fe302cf HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=04cca6c1-5951-40b2-a9a6-2f0bec7119fc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8stVTD ]Ɋ& !XtVTDs F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=feae26aa-ca08-4092-ac7e-a9413539e186 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=om8**PttVTD ]Ɋ& !XtVTDt F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=feae26aa-ca08-4092-ac7e-a9413539e186 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmP**PutVTD ]Ɋ& !XtVTDu F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=feae26aa-ca08-4092-ac7e-a9413539e186 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommaP**HvtVTD ]Ɋ& !XtVTDv F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=feae26aa-ca08-4092-ac7e-a9413539e186 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iptNH**HwtVTD ]Ɋ& !XtVTDw F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=feae26aa-ca08-4092-ac7e-a9413539e186 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dTypH**HxtVTD ]Ɋ& !XtVTDx F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=feae26aa-ca08-4092-ac7e-a9413539e186 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=H**ytVTD ]Ɋ& !tVTDy F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=feae26aa-ca08-4092-ac7e-a9413539e186 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3328b353-db44-49dd-8c79-3d9f251f6a6a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **ztVTD ]Ɋ& !tVTDz F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=feae26aa-ca08-4092-ac7e-a9413539e186 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3328b353-db44-49dd-8c79-3d9f251f6a6a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **X{tVTD ]Ɋ& !XtVTD{ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=37065f7f-cc4a-4f94-8ec3-2f23a1dc6426 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tCulX**p|tVTD ]Ɋ& !XtVTD| F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=37065f7f-cc4a-4f94-8ec3-2f23a1dc6426 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=={ [p**h}tVTD ]Ɋ& !XtVTD} F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=37065f7f-cc4a-4f94-8ec3-2f23a1dc6426 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e2h**`~tVTD ]Ɋ& !XtVTD~ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=37065f7f-cc4a-4f94-8ec3-2f23a1dc6426 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rS`**`tVTD ]Ɋ& !XtVTD F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=37065f7f-cc4a-4f94-8ec3-2f23a1dc6426 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`tVTD ]Ɋ& !XtVTD F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=37065f7f-cc4a-4f94-8ec3-2f23a1dc6426 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**tVTD ]Ɋ& !tVTD F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=37065f7f-cc4a-4f94-8ec3-2f23a1dc6426 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=515acc59-5124-4648-94a0-f4529b9218f5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-** TD ]Ɋ& ! TD F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=37065f7f-cc4a-4f94-8ec3-2f23a1dc6426 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=515acc59-5124-4648-94a0-f4529b9218f5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ure**( TD ]Ɋ& !X TD F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9b20de8b-db32-45c9-ac93-af97a33e8b7e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v(**@ TD ]Ɋ& !X TD F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9b20de8b-db32-45c9-ac93-af97a33e8b7e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=K@**@ TD ]Ɋ& !X TD F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9b20de8b-db32-45c9-ac93-af97a33e8b7e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id=@**8 TD ]Ɋ& !X TD F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9b20de8b-db32-45c9-ac93-af97a33e8b7e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F8**8 TD ]Ɋ& !X TD F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9b20de8b-db32-45c9-ac93-af97a33e8b7e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam8**8 TD ]Ɋ& !X TD F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9b20de8b-db32-45c9-ac93-af97a33e8b7e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Gl8** TD ]Ɋ& ! TD F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9b20de8b-db32-45c9-ac93-af97a33e8b7e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ca622619-a59e-4bf0-9435-1a8dcc93e295 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**UD ]Ɋ& !UD F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9b20de8b-db32-45c9-ac93-af97a33e8b7e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ca622619-a59e-4bf0-9435-1a8dcc93e295 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tall**XdQWD ]Ɋ& !XdQWD F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a1e4d70d-59c8-4a9f-9a7c-a274cf2bced8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\X**pdQWD ]Ɋ& !XdQWD F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a1e4d70d-59c8-4a9f-9a7c-a274cf2bced8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\p**pdQWD ]Ɋ& !XdQWD F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a1e4d70d-59c8-4a9f-9a7c-a274cf2bced8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=help**hdQWD ]Ɋ& !XdQWD F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a1e4d70d-59c8-4a9f-9a7c-a274cf2bced8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ct h**hdQWD ]Ɋ& !XdQWD F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a1e4d70d-59c8-4a9f-9a7c-a274cf2bced8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n';h**hdQWD ]Ɋ& !XdQWD F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a1e4d70d-59c8-4a9f-9a7c-a274cf2bced8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=([h**dQWD ]Ɋ&  !dQWD F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a1e4d70d-59c8-4a9f-9a7c-a274cf2bced8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ab12e90e-da6f-462b-9d02-d1697393470f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ta**dQWD ]Ɋ& !dQWD F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a1e4d70d-59c8-4a9f-9a7c-a274cf2bced8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ab12e90e-da6f-462b-9d02-d1697393470f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omma**WD ]Ɋ& '!XWD F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7deff42b-d785-463d-afbf-15667505818f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=C**WD ]Ɋ& ?!XWD F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7deff42b-d785-463d-afbf-15667505818f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b**WD ]Ɋ& ;!XWD F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7deff42b-d785-463d-afbf-15667505818f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt **WD ]Ɋ& 3!XWD F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7deff42b-d785-463d-afbf-15667505818f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=**WD ]Ɋ& 3!XWD F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7deff42b-d785-463d-afbf-15667505818f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ovi**WD ]Ɋ& 5!XWD F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7deff42b-d785-463d-afbf-15667505818f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **0WD ]Ɋ& !WD F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7deff42b-d785-463d-afbf-15667505818f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4111b236-6936-4d80-936b-33756cdc1280 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av0**@XD ]Ɋ& !XD F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7deff42b-d785-463d-afbf-15667505818f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4111b236-6936-4d80-936b-33756cdc1280 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g -w@**`v ]Ɋ& )!X`v F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dcbb0128-9402-49a6-9e53-61b8234e4092 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nter**`v ]Ɋ& A!X`v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dcbb0128-9402-49a6-9e53-61b8234e4092 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lica**`v ]Ɋ& =!X`v F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dcbb0128-9402-49a6-9e53-61b8234e4092 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**`v ]Ɋ& 5!X`v F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dcbb0128-9402-49a6-9e53-61b8234e4092 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed**`v ]Ɋ& 5!X`v F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dcbb0128-9402-49a6-9e53-61b8234e4092 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Va**`v ]Ɋ& 7!X`v F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dcbb0128-9402-49a6-9e53-61b8234e4092 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0`v ]Ɋ& !`v F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dcbb0128-9402-49a6-9e53-61b8234e4092 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c9a15648-ad61-425f-b4bf-df59de5af020 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@`v ]Ɋ& !`v F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dcbb0128-9402-49a6-9e53-61b8234e4092 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c9a15648-ad61-425f-b4bf-df59de5af020 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bec@19fc Pipel ]Ɋ& meX`v F&e=ElfChnkH8 kdMu=VysMc&&**X`v ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! ;!X`v F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=95156c8d-32ac-40e8-89b8-43ca16277291 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p`v ]Ɋ& !X`v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=95156c8d-32ac-40e8-89b8-43ca16277291 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmap**h`v ]Ɋ& !X`v F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=95156c8d-32ac-40e8-89b8-43ca16277291 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oh**``v ]Ɋ& !X`v F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=95156c8d-32ac-40e8-89b8-43ca16277291 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**``v ]Ɋ& !X`v F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=95156c8d-32ac-40e8-89b8-43ca16277291 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h`v ]Ɋ& !X`v F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=95156c8d-32ac-40e8-89b8-43ca16277291 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&h**`v ]Ɋ&  !`v F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=95156c8d-32ac-40e8-89b8-43ca16277291 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=379d772a-c3af-45d3-b998-d00c62f72500 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=TD**v ]Ɋ& !v F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=95156c8d-32ac-40e8-89b8-43ca16277291 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=379d772a-c3af-45d3-b998-d00c62f72500 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8v ]Ɋ& !Xv F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5e3f0899-503e-4899-b884-e853fcf573eb HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**Pv ]Ɋ& !Xv F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5e3f0899-503e-4899-b884-e853fcf573eb HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Pv ]Ɋ& !Xv F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5e3f0899-503e-4899-b884-e853fcf573eb HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Hv ]Ɋ& !Xv F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5e3f0899-503e-4899-b884-e853fcf573eb HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=~H**Hv ]Ɋ& !Xv F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5e3f0899-503e-4899-b884-e853fcf573eb HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=H**Hv ]Ɋ& !Xv F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5e3f0899-503e-4899-b884-e853fcf573eb HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoH**v ]Ɋ& !v F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5e3f0899-503e-4899-b884-e853fcf573eb HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1d213613-92ba-4d18-bb7c-d7244b0dda4d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tVT**v ]Ɋ& !v F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5e3f0899-503e-4899-b884-e853fcf573eb HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1d213613-92ba-4d18-bb7c-d7244b0dda4d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Xv ]Ɋ& !Xv F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e5ab3719-5f89-4251-901a-443937dc502c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**pv ]Ɋ& !Xv F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e5ab3719-5f89-4251-901a-443937dc502c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lectp**hv ]Ɋ& !Xv F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e5ab3719-5f89-4251-901a-443937dc502c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=']h**`v ]Ɋ& !Xv F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e5ab3719-5f89-4251-901a-443937dc502c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-`**`v ]Ɋ& !Xv F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e5ab3719-5f89-4251-901a-443937dc502c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C`**`v ]Ɋ& !Xv F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e5ab3719-5f89-4251-901a-443937dc502c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**v ]Ɋ& !v F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e5ab3719-5f89-4251-901a-443937dc502c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d31fabdd-1ded-4e73-88bc-63b884275a57 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**v ]Ɋ& !v F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e5ab3719-5f89-4251-901a-443937dc502c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d31fabdd-1ded-4e73-88bc-63b884275a57 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=**(Jv ]Ɋ& !XJv F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a45d950d-be01-4cca-8d4a-9778e5302330 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n(**@Jv ]Ɋ& !XJv F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a45d950d-be01-4cca-8d4a-9778e5302330 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2@**@Jv ]Ɋ& !XJv F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a45d950d-be01-4cca-8d4a-9778e5302330 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.ps@**8Jv ]Ɋ& !XJv F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a45d950d-be01-4cca-8d4a-9778e5302330 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=M:\8**8Jv ]Ɋ& !XJv F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a45d950d-be01-4cca-8d4a-9778e5302330 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==a18**8Jv ]Ɋ& !XJv F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a45d950d-be01-4cca-8d4a-9778e5302330 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=F8**Jv ]Ɋ& !Jv F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a45d950d-be01-4cca-8d4a-9778e5302330 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=652b9a25-7198-4631-8cb8-3402e5574d7c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=at**#v ]Ɋ& !#v F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a45d950d-be01-4cca-8d4a-9778e5302330 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=652b9a25-7198-4631-8cb8-3402e5574d7c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 655**XPv ]Ɋ& !XPv F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=888dd3f2-caf2-4bae-817d-54629a994ccd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-X**pPv ]Ɋ& !XPv F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=888dd3f2-caf2-4bae-817d-54629a994ccd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dp**pPv ]Ɋ& !XPv F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=888dd3f2-caf2-4bae-817d-54629a994ccd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='enp**hPv ]Ɋ& !XPv F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=888dd3f2-caf2-4bae-817d-54629a994ccd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allh**hPv ]Ɋ& !XPv F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=888dd3f2-caf2-4bae-817d-54629a994ccd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**hPv ]Ɋ& !XPv F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=888dd3f2-caf2-4bae-817d-54629a994ccd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndh**Pv ]Ɋ&  !Pv F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=888dd3f2-caf2-4bae-817d-54629a994ccd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=add45900-84ec-44ec-8dbb-0b92b3c58f2f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**笊v ]Ɋ& !笊v F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=888dd3f2-caf2-4bae-817d-54629a994ccd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=add45900-84ec-44ec-8dbb-0b92b3c58f2f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ost **}Ev ]Ɋ& '!X}Ev F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=32dafbb4-9808-4ede-a0eb-2548dbbe49a7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**}Ev ]Ɋ& ?!X}Ev F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=32dafbb4-9808-4ede-a0eb-2548dbbe49a7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**}Ev ]Ɋ& ;!X}Ev F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=32dafbb4-9808-4ede-a0eb-2548dbbe49a7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam**}Ev ]Ɋ& 3!X}Ev F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=32dafbb4-9808-4ede-a0eb-2548dbbe49a7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ngi**}Ev ]Ɋ& 3!X}Ev F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=32dafbb4-9808-4ede-a0eb-2548dbbe49a7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fun**}Ev ]Ɋ& 5!X}Ev F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=32dafbb4-9808-4ede-a0eb-2548dbbe49a7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=**0}Ev ]Ɋ& !}Ev F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=32dafbb4-9808-4ede-a0eb-2548dbbe49a7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4bbbaa2b-595b-428b-bccb-d079b24e0dcd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3 0**@ދv ]Ɋ& !ދv F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=32dafbb4-9808-4ede-a0eb-2548dbbe49a7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4bbbaa2b-595b-428b-bccb-d079b24e0dcd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 @pelineId=  ]Ɋ& maXnڶ F&19fc Pipel ]Ɋ& meX`v F&e=ElfChnkhP)h:bMu=VysMc&&**nڶ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !Xnڶ F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=194bbf17-5cae-44c8-8869-f1db3363d0e6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**nڶ ]Ɋ& A!Xnڶ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=194bbf17-5cae-44c8-8869-f1db3363d0e6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 655**nڶ ]Ɋ& =!Xnڶ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=194bbf17-5cae-44c8-8869-f1db3363d0e6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iv**nڶ ]Ɋ& 5!Xnڶ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=194bbf17-5cae-44c8-8869-f1db3363d0e6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l **nڶ ]Ɋ& 5!Xnڶ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=194bbf17-5cae-44c8-8869-f1db3363d0e6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=95**nڶ ]Ɋ& 7!Xnڶ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=194bbf17-5cae-44c8-8869-f1db3363d0e6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c**0nڶ ]Ɋ& !nڶ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=194bbf17-5cae-44c8-8869-f1db3363d0e6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=569d776b-e588-4e0e-872b-5b37f1ca20bf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u0**@Boڶ ]Ɋ& !Boڶ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=194bbf17-5cae-44c8-8869-f1db3363d0e6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=569d776b-e588-4e0e-872b-5b37f1ca20bf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F@**XBoڶ ]Ɋ& !XBoڶ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=574865ff-23c0-4ef0-92a4-721b1e775488 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pBoڶ ]Ɋ& !XBoڶ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=574865ff-23c0-4ef0-92a4-721b1e775488 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!p**hBoڶ ]Ɋ& !XBoڶ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=574865ff-23c0-4ef0-92a4-721b1e775488 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`Boڶ ]Ɋ& !XBoڶ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=574865ff-23c0-4ef0-92a4-721b1e775488 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`Boڶ ]Ɋ& !XBoڶ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=574865ff-23c0-4ef0-92a4-721b1e775488 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hBoڶ ]Ɋ& !XBoڶ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=574865ff-23c0-4ef0-92a4-721b1e775488 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tarth**Boڶ ]Ɋ&  !Boڶ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=574865ff-23c0-4ef0-92a4-721b1e775488 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a71bdbea-28d9-4703-897a-0ba666e2d490 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **Boڶ ]Ɋ& !Boڶ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=574865ff-23c0-4ef0-92a4-721b1e775488 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a71bdbea-28d9-4703-897a-0ba666e2d490 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mb**8Boڶ ]Ɋ& !XBoڶ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ac0af5c7-4676-4cb7-ba6a-b6a38ebc7c80 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ne8**PBoڶ ]Ɋ& !XBoڶ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ac0af5c7-4676-4cb7-ba6a-b6a38ebc7c80 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=P**PBoڶ ]Ɋ& !XBoڶ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ac0af5c7-4676-4cb7-ba6a-b6a38ebc7c80 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rtedP**HBoڶ ]Ɋ& !XBoڶ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ac0af5c7-4676-4cb7-ba6a-b6a38ebc7c80 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=FuH**HBoڶ ]Ɋ& !XBoڶ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ac0af5c7-4676-4cb7-ba6a-b6a38ebc7c80 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH**HBoڶ ]Ɋ& !XBoڶ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ac0af5c7-4676-4cb7-ba6a-b6a38ebc7c80 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Boڶ ]Ɋ& !Boڶ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ac0af5c7-4676-4cb7-ba6a-b6a38ebc7c80 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9cf931cd-6d95-42f9-ba9c-df80c8378603 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ila**oڶ ]Ɋ& !oڶ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ac0af5c7-4676-4cb7-ba6a-b6a38ebc7c80 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9cf931cd-6d95-42f9-ba9c-df80c8378603 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Xoڶ ]Ɋ& !Xoڶ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f6c6317c-2a0f-416b-a3d0-8582ff4c7c54 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**poڶ ]Ɋ& !Xoڶ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f6c6317c-2a0f-416b-a3d0-8582ff4c7c54 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pe= p**hoڶ ]Ɋ& !Xoڶ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f6c6317c-2a0f-416b-a3d0-8582ff4c7c54 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sth**`oڶ ]Ɋ& !Xoڶ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f6c6317c-2a0f-416b-a3d0-8582ff4c7c54 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rt`**`oڶ ]Ɋ& !Xoڶ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f6c6317c-2a0f-416b-a3d0-8582ff4c7c54 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on`**`oڶ ]Ɋ& !Xoڶ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f6c6317c-2a0f-416b-a3d0-8582ff4c7c54 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**oڶ ]Ɋ& !oڶ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f6c6317c-2a0f-416b-a3d0-8582ff4c7c54 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2f3e9deb-ea77-455f-b7da-fea6afd0cd44 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **oڶ ]Ɋ& !oڶ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f6c6317c-2a0f-416b-a3d0-8582ff4c7c54 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2f3e9deb-ea77-455f-b7da-fea6afd0cd44 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(oڶ ]Ɋ& !Xoڶ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e67f95ed-1a05-4643-8c39-fcf6d1258e66 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@oڶ ]Ɋ& !Xoڶ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e67f95ed-1a05-4643-8c39-fcf6d1258e66 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@oڶ ]Ɋ& !Xoڶ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e67f95ed-1a05-4643-8c39-fcf6d1258e66 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o('@**8oڶ ]Ɋ& !Xoڶ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e67f95ed-1a05-4643-8c39-fcf6d1258e66 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayV8**8oڶ ]Ɋ& !Xoڶ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e67f95ed-1a05-4643-8c39-fcf6d1258e66 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=M:\8**8oڶ ]Ɋ& !Xoڶ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e67f95ed-1a05-4643-8c39-fcf6d1258e66 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um8**oڶ ]Ɋ& !oڶ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e67f95ed-1a05-4643-8c39-fcf6d1258e66 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=e1808ddf-bf4d-4782-bd3c-fed64da7710a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** qڶ ]Ɋ& ! qڶ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e67f95ed-1a05-4643-8c39-fcf6d1258e66 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=e1808ddf-bf4d-4782-bd3c-fed64da7710a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me= **Xrڶ ]Ɋ& !Xrڶ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=59b1ffa8-1177-4bfd-b731-181dcdb4b2c4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rX**prڶ ]Ɋ& !Xrڶ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=59b1ffa8-1177-4bfd-b731-181dcdb4b2c4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==p**prڶ ]Ɋ& !Xrڶ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=59b1ffa8-1177-4bfd-b731-181dcdb4b2c4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=900p**hrڶ ]Ɋ& !Xrڶ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=59b1ffa8-1177-4bfd-b731-181dcdb4b2c4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= h**hrڶ ]Ɋ& !Xrڶ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=59b1ffa8-1177-4bfd-b731-181dcdb4b2c4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hrڶ ]Ɋ& !Xrڶ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=59b1ffa8-1177-4bfd-b731-181dcdb4b2c4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**rڶ ]Ɋ&  !rڶ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=59b1ffa8-1177-4bfd-b731-181dcdb4b2c4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b07f7996-f1ba-4059-ac98-6e2594a2328a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **3nsڶ ]Ɋ& !3nsڶ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=59b1ffa8-1177-4bfd-b731-181dcdb4b2c4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b07f7996-f1ba-4059-ac98-6e2594a2328a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=hell**3nsڶ ]Ɋ& '!X3nsڶ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2ef44ed4-c4c4-4ae1-8a54-a0e8dbe58132 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**3nsڶ ]Ɋ& ?!X3nsڶ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2ef44ed4-c4c4-4ae1-8a54-a0e8dbe58132 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-de-a0eb-2548 ]Ɋ& reX3nsڶ F&ame . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4bbbaa2b-595b-428b-bccb-d079b24e0dcd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 @pelineId=  ]Ɋ& maXnڶ F&19fc Pipel ]Ɋ& meX`v F&e=ElfChnk77@/YWՁMu=VysMc&&** 3nsڶ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X3nsڶ F&F%g>9{p(xlMD EventDatauoData !BinaryFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2ef44ed4-c4c4-4ae1-8a54-a0e8dbe58132 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **3nsڶ ]Ɋ& 3!X3nsڶ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2ef44ed4-c4c4-4ae1-8a54-a0e8dbe58132 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**3nsڶ ]Ɋ& 3!X3nsڶ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2ef44ed4-c4c4-4ae1-8a54-a0e8dbe58132 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b33**3nsڶ ]Ɋ& 5!X3nsڶ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2ef44ed4-c4c4-4ae1-8a54-a0e8dbe58132 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0 3nsڶ ]Ɋ& !3nsڶ  F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2ef44ed4-c4c4-4ae1-8a54-a0e8dbe58132 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=b98d441d-24d4-458f-892f-0f8cce142582 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@ tڶ ]Ɋ& !tڶ  F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2ef44ed4-c4c4-4ae1-8a54-a0e8dbe58132 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=b98d441d-24d4-458f-892f-0f8cce142582 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Com@** yN> ]Ɋ& )!XyN>  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fba502b1-1284-4f48-87b0-82747c2fa146 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== ** yN> ]Ɋ& A!XyN>  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fba502b1-1284-4f48-87b0-82747c2fa146 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tSta** yN> ]Ɋ& =!XyN>  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fba502b1-1284-4f48-87b0-82747c2fa146 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt**yN> ]Ɋ& 5!XyN> F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fba502b1-1284-4f48-87b0-82747c2fa146 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**yN> ]Ɋ& 5!XyN> F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fba502b1-1284-4f48-87b0-82747c2fa146 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ve**yN> ]Ɋ& 7!XyN> F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fba502b1-1284-4f48-87b0-82747c2fa146 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g**0yN> ]Ɋ& !yN> F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fba502b1-1284-4f48-87b0-82747c2fa146 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7841e34d-9a86-47ac-be4e-180ef3c8a46c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@O> ]Ɋ& !O> F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fba502b1-1284-4f48-87b0-82747c2fa146 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7841e34d-9a86-47ac-be4e-180ef3c8a46c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&@**XO> ]Ɋ& !XO> F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ba915585-796a-4213-a836-bc1c8a23cd71 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pO> ]Ɋ& !XO> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ba915585-796a-4213-a836-bc1c8a23cd71 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hO> ]Ɋ& !XO> F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ba915585-796a-4213-a836-bc1c8a23cd71 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`O> ]Ɋ& !XO> F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ba915585-796a-4213-a836-bc1c8a23cd71 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`O> ]Ɋ& !XO> F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ba915585-796a-4213-a836-bc1c8a23cd71 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hO> ]Ɋ& !XO> F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ba915585-796a-4213-a836-bc1c8a23cd71 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ailah**O> ]Ɋ&  !O> F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ba915585-796a-4213-a836-bc1c8a23cd71 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5e152d0e-f0c0-417f-b0cf-d6b099c8b6f0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= New**'O> ]Ɋ& !'O> F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ba915585-796a-4213-a836-bc1c8a23cd71 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5e152d0e-f0c0-417f-b0cf-d6b099c8b6f0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ne**8'O> ]Ɋ& !X'O> F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f612cb90-ae3f-4665-b4e6-2857f30c265a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= P8**P'O> ]Ɋ& !X'O> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f612cb90-ae3f-4665-b4e6-2857f30c265a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=SyP**P'O> ]Ɋ& !X'O> F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f612cb90-ae3f-4665-b4e6-2857f30c265a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&P**H'O> ]Ɋ& !X'O> F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f612cb90-ae3f-4665-b4e6-2857f30c265a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H'O> ]Ɋ& !X'O> F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f612cb90-ae3f-4665-b4e6-2857f30c265a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=XH**H 'O> ]Ɋ& !X'O>  F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f612cb90-ae3f-4665-b4e6-2857f30c265a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**!'O> ]Ɋ& !'O>! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f612cb90-ae3f-4665-b4e6-2857f30c265a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2dc60d6a-cb2e-40fd-8219-c0b6cad307ca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**"'O> ]Ɋ& !'O>" F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f612cb90-ae3f-4665-b4e6-2857f30c265a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2dc60d6a-cb2e-40fd-8219-c0b6cad307ca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X#'O> ]Ɋ& !X'O># F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0d437e12-4004-4084-96b1-9cbfc4469521 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**p$'O> ]Ɋ& !X'O>$ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0d437e12-4004-4084-96b1-9cbfc4469521 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-US'p**h%'O> ]Ɋ& !X'O>% F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0d437e12-4004-4084-96b1-9cbfc4469521 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=arh**`&'O> ]Ɋ& !X'O>& F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0d437e12-4004-4084-96b1-9cbfc4469521 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8e`**`''O> ]Ɋ& !X'O>' F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0d437e12-4004-4084-96b1-9cbfc4469521 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed`**`('O> ]Ɋ& !X'O>( F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0d437e12-4004-4084-96b1-9cbfc4469521 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**)'O> ]Ɋ& !'O>) F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0d437e12-4004-4084-96b1-9cbfc4469521 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=62815a39-9114-4bc4-aab0-9891ade724e0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n***CP> ]Ɋ& !CP>* F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0d437e12-4004-4084-96b1-9cbfc4469521 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=62815a39-9114-4bc4-aab0-9891ade724e0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=782**(+CP> ]Ɋ& !XCP>+ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fdecb2ef-6d42-490d-9853-0d3deb419045 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@,CP> ]Ɋ& !XCP>, F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fdecb2ef-6d42-490d-9853-0d3deb419045 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='@**@-CP> ]Ɋ& !XCP>- F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fdecb2ef-6d42-490d-9853-0d3deb419045 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ows@**8.CP> ]Ɋ& !XCP>. F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fdecb2ef-6d42-490d-9853-0d3deb419045 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nso8**8/CP> ]Ɋ& !XCP>/ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fdecb2ef-6d42-490d-9853-0d3deb419045 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**80CP> ]Ɋ& !XCP>0 F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fdecb2ef-6d42-490d-9853-0d3deb419045 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pa8**1CP> ]Ɋ& !CP>1 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fdecb2ef-6d42-490d-9853-0d3deb419045 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=da8c4b1b-ca68-46b4-9906-4c0ab35d02bc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=at**2tQ> ]Ɋ& !tQ>2 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fdecb2ef-6d42-490d-9853-0d3deb419045 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=da8c4b1b-ca68-46b4-9906-4c0ab35d02bc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sher**X3>S> ]Ɋ& !X>S>3 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=22a8d05d-3cca-4f8a-be41-22fc00890673 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p4>S> ]Ɋ& !X>S>4 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=22a8d05d-3cca-4f8a-be41-22fc00890673 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=np**p5>S> ]Ɋ& !X>S>5 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=22a8d05d-3cca-4f8a-be41-22fc00890673 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Insp**h6>S> ]Ɋ& !X>S>6 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=22a8d05d-3cca-4f8a-be41-22fc00890673 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=edoh**h7>S> ]Ɋ& !X>S>7 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=22a8d05d-3cca-4f8a-be41-22fc00890673 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= hɊ& ]Ɋ& X>S>8 F&]Ɋ& meX`v F&e=ElfChnk8B8B`CI9TMu=VysMc&&**p 8>S> ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! M!X>S>8 F&F%g>9{p(xlMD EventDatauoData !BinaryVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=22a8d05d-3cca-4f8a-be41-22fc00890673 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Xp **9>S> ]Ɋ&  !>S>9 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=22a8d05d-3cca-4f8a-be41-22fc00890673 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8480090c-9544-4fb9-89ef-e90a7c8471ee PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nc**:ES> ]Ɋ& !ES>: F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=22a8d05d-3cca-4f8a-be41-22fc00890673 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8480090c-9544-4fb9-89ef-e90a7c8471ee PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=atio**;ES> ]Ɋ& '!XES>; F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f57d89bc-11cf-48f8-9c13-fcf9461e7167 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=A**<ES> ]Ɋ& ?!XES>< F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f57d89bc-11cf-48f8-9c13-fcf9461e7167 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**=ES> ]Ɋ& ;!XES>= F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f57d89bc-11cf-48f8-9c13-fcf9461e7167 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ost**>ES> ]Ɋ& 3!XES>> F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f57d89bc-11cf-48f8-9c13-fcf9461e7167 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam**?ES> ]Ɋ& 3!XES>? F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f57d89bc-11cf-48f8-9c13-fcf9461e7167 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t **@ES> ]Ɋ& 5!XES>@ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f57d89bc-11cf-48f8-9c13-fcf9461e7167 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma**0AES> ]Ɋ& !ES>A F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f57d89bc-11cf-48f8-9c13-fcf9461e7167 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4a62aa00-56cd-4693-92d9-6b01c2ee1a53 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=740**@BoT> ]Ɋ& !oT>B F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f57d89bc-11cf-48f8-9c13-fcf9461e7167 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4a62aa00-56cd-4693-92d9-6b01c2ee1a53 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand@ne=]Ɋ&@**XO> ]Ɋ& !XO> F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ba915585-796a-4213-a836-bc1c8a23cd71 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pO> ]Ɋ& !XO> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ba915585-796a-4213-a836-bc1c8a23cd71 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hO> ]Ɋ& !XO> F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ba915585-796a-4213-a836-bc1c8a23cd71 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`O> ]Ɋ& !XO> F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ba915585-796a-4213-a836-bc1c8a23cd71 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`O> ]Ɋ& !XO> F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ba915585-796a-4213-a836-bc1c8a23cd71 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hO> ]Ɋ& !XO> F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ba915585-796a-4213-a836-bc1c8a23cd71 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ailah**O> ]Ɋ&  !O> F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ba915585-796a-4213-a836-bc1c8a23cd71 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5e152d0e-f0c0-417f-b0cf-d6b099c8b6f0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= New**'O> ]Ɋ& !'O> F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ba915585-796a-4213-a836-bc1c8a23cd71 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5e152d0e-f0c0-417f-b0cf-d6b099c8b6f0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ne**8'O> ]Ɋ& !X'O> F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f612cb90-ae3f-4665-b4e6-2857f30c265a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= P8**P'O> ]Ɋ& !X'O> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f612cb90-ae3f-4665-b4e6-2857f30c265a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=SyP**P'O> ]Ɋ& !X'O> F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f612cb90-ae3f-4665-b4e6-2857f30c265a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&P**H'O> ]Ɋ& !X'O> F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f612cb90-ae3f-4665-b4e6-2857f30c265a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H'O> ]Ɋ& !X'O> F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f612cb90-ae3f-4665-b4e6-2857f30c265a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=XH**H 'O> ]Ɋ& !X'O>  F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f612cb90-ae3f-4665-b4e6-2857f30c265a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**!'O> ]Ɋ& !'O>! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f612cb90-ae3f-4665-b4e6-2857f30c265a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2dc60d6a-cb2e-40fd-8219-c0b6cad307ca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**"'O> ]Ɋ& !'O>" F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f612cb90-ae3f-4665-b4e6-2857f30c265a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2dc60d6a-cb2e-40fd-8219-c0b6cad307ca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X#'O> ]Ɋ& !X'O># F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0d437e12-4004-4084-96b1-9cbfc4469521 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**p$'O> ]Ɋ& !X'O>$ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0d437e12-4004-4084-96b1-9cbfc4469521 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-US'p**h%'O> ]Ɋ& !X'O>% F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0d437e12-4004-4084-96b1-9cbfc4469521 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=arh**`&'O> ]Ɋ& !X'O>& F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0d437e12-4004-4084-96b1-9cbfc4469521 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8e`**`''O> ]Ɋ& !X'O>' F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0d437e12-4004-4084-96b1-9cbfc4469521 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed`**`('O> ]Ɋ& !X'O>( F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0d437e12-4004-4084-96b1-9cbfc4469521 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**)'O> ]Ɋ& !'O>) F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0d437e12-4004-4084-96b1-9cbfc4469521 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=62815a39-9114-4bc4-aab0-9891ade724e0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n***CP> ]Ɋ& !CP>* F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0d437e12-4004-4084-96b1-9cbfc4469521 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=62815a39-9114-4bc4-aab0-9891ade724e0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=782**(+CP> ]Ɋ& !XCP>+ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fdecb2ef-6d42-490d-9853-0d3deb419045 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@,CP> ]Ɋ& !XCP>, F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fdecb2ef-6d42-490d-9853-0d3deb419045 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='@**@-CP> ]Ɋ& !XCP>- F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fdecb2ef-6d42-490d-9853-0d3deb419045 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ows@**8.CP> ]Ɋ& !XCP>. F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fdecb2ef-6d42-490d-9853-0d3deb419045 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nso8**8/CP> ]Ɋ& !XCP>/ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fdecb2ef-6d42-490d-9853-0d3deb419045 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**80CP> ]Ɋ& !XCP>0 F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fdecb2ef-6d42-490d-9853-0d3deb419045 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pa8**1CP> ]Ɋ& !CP>1 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fdecb2ef-6d42-490d-9853-0d3deb419045 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=da8c4b1b-ca68-46b4-9906-4c0ab35d02bc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=at**2tQ> ]Ɋ& !tQ>2 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fdecb2ef-6d42-490d-9853-0d3deb419045 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=da8c4b1b-ca68-46b4-9906-4c0ab35d02bc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sher**X3>S> ]Ɋ& !X>S>3 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=22a8d05d-3cca-4f8a-be41-22fc00890673 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p4>S> ]Ɋ& !X>S>4 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=22a8d05d-3cca-4f8a-be41-22fc00890673 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=np**p5>S> ]Ɋ& !X>S>5 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=22a8d05d-3cca-4f8a-be41-22fc00890673 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Insp**h6>S> ]Ɋ& !X>S>6 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=22a8d05d-3cca-4f8a-be41-22fc00890673 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=edoh**h7>S> ]Ɋ& !X>S>7 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=22a8d05d-3cca-4f8a-be41-22fc00890673 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= hɊ& ]Ɋ& X>S>8 F&]Ɋ& meX`v F&e=ElfChnk((} fMu=VysMc&&**h+ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! G!X+ F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=07935086-7e68-4ccc-accd-a1a2d6d39ee7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h+ ]Ɋ& !X+ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=07935086-7e68-4ccc-accd-a1a2d6d39ee7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**+ ]Ɋ&  !+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=07935086-7e68-4ccc-accd-a1a2d6d39ee7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=58694703-9616-4374-8d63-448c94267ad0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FӸ**+ ]Ɋ& !+ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=07935086-7e68-4ccc-accd-a1a2d6d39ee7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=58694703-9616-4374-8d63-448c94267ad0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**8+ ]Ɋ& !X+ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=792e9d07-ac13-4885-8b11-98cdcb962306 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P+ ]Ɋ& !X+ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=792e9d07-ac13-4885-8b11-98cdcb962306 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P+ ]Ɋ& !X+ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=792e9d07-ac13-4885-8b11-98cdcb962306 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**H+ ]Ɋ& !X+ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=792e9d07-ac13-4885-8b11-98cdcb962306 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&H**H+ ]Ɋ& !X+ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=792e9d07-ac13-4885-8b11-98cdcb962306 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H+ ]Ɋ& !X+ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=792e9d07-ac13-4885-8b11-98cdcb962306 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==H**+ ]Ɋ& !+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=792e9d07-ac13-4885-8b11-98cdcb962306 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e503ef1b-0ef1-4d15-b109-e6529ba9ff9c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**+ ]Ɋ& !+ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=792e9d07-ac13-4885-8b11-98cdcb962306 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e503ef1b-0ef1-4d15-b109-e6529ba9ff9c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X;N+ ]Ɋ& !X;N+ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9bdd6497-aecd-4ee3-bd63-6f8d7f8544c0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me= X**p;N+ ]Ɋ& !X;N+ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9bdd6497-aecd-4ee3-bd63-6f8d7f8544c0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-lasp**h;N+ ]Ɋ& !X;N+ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9bdd6497-aecd-4ee3-bd63-6f8d7f8544c0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[Sh**`;N+ ]Ɋ& !X;N+ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9bdd6497-aecd-4ee3-bd63-6f8d7f8544c0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-U`**` ;N+ ]Ɋ& !X;N+  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9bdd6497-aecd-4ee3-bd63-6f8d7f8544c0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**` ;N+ ]Ɋ& !X;N+  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9bdd6497-aecd-4ee3-bd63-6f8d7f8544c0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t`** ;N+ ]Ɋ& !;N+  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9bdd6497-aecd-4ee3-bd63-6f8d7f8544c0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9d34b185-9cde-458d-a497-02e63e62c12d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** ;N+ ]Ɋ& !;N+  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9bdd6497-aecd-4ee3-bd63-6f8d7f8544c0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9d34b185-9cde-458d-a497-02e63e62c12d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dPa**( ;N+ ]Ɋ& !X;N+  F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=15592393-96f5-411c-bd06-c3ca574b4c13 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a(**@;N+ ]Ɋ& !X;N+ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=15592393-96f5-411c-bd06-c3ca574b4c13 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5@**@;N+ ]Ɋ& !X;N+ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=15592393-96f5-411c-bd06-c3ca574b4c13 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ert@**8;N+ ]Ɋ& !X;N+ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=15592393-96f5-411c-bd06-c3ca574b4c13 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Wow8**8;N+ ]Ɋ& !X;N+ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=15592393-96f5-411c-bd06-c3ca574b4c13 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0-8**8;N+ ]Ɋ& !X;N+ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=15592393-96f5-411c-bd06-c3ca574b4c13 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fu8**;N+ ]Ɋ& !;N+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=15592393-96f5-411c-bd06-c3ca574b4c13 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=f153ef16-fe13-4aae-bfa3-106539dcc425 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nd**+ ]Ɋ& !+ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=15592393-96f5-411c-bd06-c3ca574b4c13 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=f153ef16-fe13-4aae-bfa3-106539dcc425 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ineV**X+ ]Ɋ& !X+ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7c5beed1-e30a-4f1e-ba21-7e4125d8e6e2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p+ ]Ɋ& !X+ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7c5beed1-e30a-4f1e-ba21-7e4125d8e6e2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ep**p+ ]Ɋ& !X+ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7c5beed1-e30a-4f1e-ba21-7e4125d8e6e2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=, Ep**h+ ]Ɋ& !X+ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7c5beed1-e30a-4f1e-ba21-7e4125d8e6e2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cenh**h+ ]Ɋ& !X+ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7c5beed1-e30a-4f1e-ba21-7e4125d8e6e2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=h**h+ ]Ɋ& !X+ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7c5beed1-e30a-4f1e-ba21-7e4125d8e6e2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**+ ]Ɋ&  !+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7c5beed1-e30a-4f1e-ba21-7e4125d8e6e2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c08c2e74-b9e6-4aa6-a58b-ae32913191c7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**+ ]Ɋ& !+ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7c5beed1-e30a-4f1e-ba21-7e4125d8e6e2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c08c2e74-b9e6-4aa6-a58b-ae32913191c7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rsio**,I+ ]Ɋ& '!X,I+ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6bbe0ea6-72d5-4993-88ed-7beca18fc1d7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**,I+ ]Ɋ& ?!X,I+ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6bbe0ea6-72d5-4993-88ed-7beca18fc1d7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**,I+ ]Ɋ& ;!X,I+ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6bbe0ea6-72d5-4993-88ed-7beca18fc1d7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ne** ,I+ ]Ɋ& 3!X,I+  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6bbe0ea6-72d5-4993-88ed-7beca18fc1d7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **!,I+ ]Ɋ& 3!X,I+! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6bbe0ea6-72d5-4993-88ed-7beca18fc1d7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ewP**",I+ ]Ɋ& 5!X,I+" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6bbe0ea6-72d5-4993-88ed-7beca18fc1d7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eI**0#,I+ ]Ɋ& !,I+# F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6bbe0ea6-72d5-4993-88ed-7beca18fc1d7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=86ec39d4-0cc2-45b0-911c-d322c354979f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me0**@$+ ]Ɋ& !+$ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6bbe0ea6-72d5-4993-88ed-7beca18fc1d7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=86ec39d4-0cc2-45b0-911c-d322c354979f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id= @**%4 ]Ɋ& )!X4% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d6a7db41-58e0-47c6-b6f7-5311d97d77d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ut-S**&4 ]Ɋ& A!X4& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d6a7db41-58e0-47c6-b6f7-5311d97d77d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2 -C**'4 ]Ɋ& =!X4' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d6a7db41-58e0-47c6-b6f7-5311d97d77d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ca**(4 ]Ɋ& 5!X4( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d6a7db41-58e0-47c6-b6f7-5311d97d77d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on.0 HostId= ]Ɋ& icX4) F&nce -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& X+ F&XElfChnk)Y)Yp;jcMu=VysMc&&**)4 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X4) F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d6a7db41-58e0-47c6-b6f7-5311d97d77d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= ***4 ]Ɋ& 7!X4* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d6a7db41-58e0-47c6-b6f7-5311d97d77d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **0+4 ]Ɋ& !4+ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d6a7db41-58e0-47c6-b6f7-5311d97d77d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=79d7e7d7-b9da-49cb-ab31-2e054fed60e5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d0**@,*<4 ]Ɋ& !*<4, F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d6a7db41-58e0-47c6-b6f7-5311d97d77d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=79d7e7d7-b9da-49cb-ab31-2e054fed60e5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ot/@**X-4 ]Ɋ& !X4- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=08c28f64-b164-47f4-8cf8-d80730b0161a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=werX**p.4 ]Ɋ& !X4. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=08c28f64-b164-47f4-8cf8-d80730b0161a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompp**h/4 ]Ɋ& !X4/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=08c28f64-b164-47f4-8cf8-d80730b0161a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fh**`04 ]Ɋ& !X40 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=08c28f64-b164-47f4-8cf8-d80730b0161a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=E`**`14 ]Ɋ& !X41 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=08c28f64-b164-47f4-8cf8-d80730b0161a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i`**h24 ]Ɋ& !X42 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=08c28f64-b164-47f4-8cf8-d80730b0161a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ureLh**34 ]Ɋ&  !43 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=08c28f64-b164-47f4-8cf8-d80730b0161a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8cf56c5b-4623-4f4b-8907-c51de9af2625 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=535 **44 ]Ɋ& !44 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=08c28f64-b164-47f4-8cf8-d80730b0161a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8cf56c5b-4623-4f4b-8907-c51de9af2625 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io**854 ]Ɋ& !X45 F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6398203a-e056-47db-82ad-7747883fbfa1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yp8**P64 ]Ɋ& !X46 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6398203a-e056-47db-82ad-7747883fbfa1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNP**P74 ]Ɋ& !X47 F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6398203a-e056-47db-82ad-7747883fbfa1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=EncrP**H84 ]Ɋ& !X48 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6398203a-e056-47db-82ad-7747883fbfa1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rosoH**H94 ]Ɋ& !X49 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6398203a-e056-47db-82ad-7747883fbfa1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=secuH**H:4 ]Ɋ& !X4: F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6398203a-e056-47db-82ad-7747883fbfa1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RoH**;4 ]Ɋ& !4; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6398203a-e056-47db-82ad-7747883fbfa1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9327b47c-e4cc-450e-9029-8c1713f7bd1d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oft**<4 ]Ɋ& !4< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6398203a-e056-47db-82ad-7747883fbfa1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9327b47c-e4cc-450e-9029-8c1713f7bd1d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**X=Wm4 ]Ɋ& !XWm4= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d2eca072-1529-424c-973f-29a913a2341e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l SeX**p>Wm4 ]Ɋ& !XWm4> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d2eca072-1529-424c-973f-29a913a2341e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Conp**h?Wm4 ]Ɋ& !XWm4? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d2eca072-1529-424c-973f-29a913a2341e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fih**`@Wm4 ]Ɋ& !XWm4@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d2eca072-1529-424c-973f-29a913a2341e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nd`**`AWm4 ]Ɋ& !XWm4A F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d2eca072-1529-424c-973f-29a913a2341e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng`**`BWm4 ]Ɋ& !XWm4B F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d2eca072-1529-424c-973f-29a913a2341e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b`**CWm4 ]Ɋ& !Wm4C F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d2eca072-1529-424c-973f-29a913a2341e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=28aea82b-0865-4547-b5cc-617d7dcdedba PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=T**DWm4 ]Ɋ& !Wm4D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d2eca072-1529-424c-973f-29a913a2341e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=28aea82b-0865-4547-b5cc-617d7dcdedba PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Cu**(EWm4 ]Ɋ& !XWm4E F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c81375c1-5613-479f-bb02-d61b78249699 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c(**@FWm4 ]Ɋ& !XWm4F F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c81375c1-5613-479f-bb02-d61b78249699 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4@**@GWm4 ]Ɋ& !XWm4G F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c81375c1-5613-479f-bb02-d61b78249699 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**8HWm4 ]Ɋ& !XWm4H F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c81375c1-5613-479f-bb02-d61b78249699 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**8IWm4 ]Ɋ& !XWm4I F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c81375c1-5613-479f-bb02-d61b78249699 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, 8**8JWm4 ]Ɋ& !XWm4J F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c81375c1-5613-479f-bb02-d61b78249699 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ur8**KWm4 ]Ɋ& !Wm4K F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c81375c1-5613-479f-bb02-d61b78249699 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=1c9565ea-02f6-44c7-b2dd-6de2dd4aa24c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= g**L4 ]Ɋ& !4L F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c81375c1-5613-479f-bb02-d61b78249699 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=1c9565ea-02f6-44c7-b2dd-6de2dd4aa24c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVe**XM74 ]Ɋ& !X74M F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=148de37d-5493-49bb-a605-0991263d23b9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**pN74 ]Ɋ& !X74N F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=148de37d-5493-49bb-a605-0991263d23b9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**pO74 ]Ɋ& !X74O F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=148de37d-5493-49bb-a605-0991263d23b9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=as p**hP74 ]Ɋ& !X74P F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=148de37d-5493-49bb-a605-0991263d23b9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Conh**hQ74 ]Ɋ& !X74Q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=148de37d-5493-49bb-a605-0991263d23b9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ca1h**hR74 ]Ɋ& !X74R F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=148de37d-5493-49bb-a605-0991263d23b9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Ch**S74 ]Ɋ&  !74S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=148de37d-5493-49bb-a605-0991263d23b9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=99ceaa75-fedc-465c-bc10-a4ed032897a6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=im**T4 ]Ɋ& !4T F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=148de37d-5493-49bb-a605-0991263d23b9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=99ceaa75-fedc-465c-bc10-a4ed032897a6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S'))**UHh4 ]Ɋ& '!XHh4U F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=720a7dca-7f9f-48ed-abde-60ac7b2aa73d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**VHh4 ]Ɋ& ?!XHh4V F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=720a7dca-7f9f-48ed-abde-60ac7b2aa73d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=G**WHh4 ]Ɋ& ;!XHh4W F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=720a7dca-7f9f-48ed-abde-60ac7b2aa73d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **XHh4 ]Ɋ& 3!XHh4X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=720a7dca-7f9f-48ed-abde-60ac7b2aa73d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion**YHh4 ]Ɋ& 3!XHh4Y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=720a7dca-7f9f-48ed-abde-60ac7b2aa73d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoandLine= ]Ɋ& XHh4Z F&) F&nce -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& X+ F&XElfChnkZZp(?d nMu=VysMc&&** ZHh4 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !XHh4Z F&F%g>9{p(xlMD EventDatauoData !BinaryVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=720a7dca-7f9f-48ed-abde-60ac7b2aa73d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=47c **0[Hh4 ]Ɋ& !Hh4[ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=720a7dca-7f9f-48ed-abde-60ac7b2aa73d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=8657acf6-e493-4858-ae42-a3a5f6fa1599 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@\ 4 ]Ɋ& ! 4\ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=720a7dca-7f9f-48ed-abde-60ac7b2aa73d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=8657acf6-e493-4858-ae42-a3a5f6fa1599 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H@**]v ]Ɋ& )!Xv] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7a6ece81-9e1f-4850-bef5-77f152445899 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Con**^v ]Ɋ& A!Xv^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7a6ece81-9e1f-4850-bef5-77f152445899 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m **_v ]Ɋ& =!Xv_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7a6ece81-9e1f-4850-bef5-77f152445899 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**`v ]Ɋ& 5!Xv` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7a6ece81-9e1f-4850-bef5-77f152445899 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**av ]Ɋ& 5!Xva F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7a6ece81-9e1f-4850-bef5-77f152445899 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **bv ]Ɋ& 7!Xvb F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7a6ece81-9e1f-4850-bef5-77f152445899 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0cow ]Ɋ& !owc F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7a6ece81-9e1f-4850-bef5-77f152445899 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9ef99668-7da7-44ea-a0c7-7e8cae3401ea PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S0**@dx ]Ɋ& !xd F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7a6ece81-9e1f-4850-bef5-77f152445899 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9ef99668-7da7-44ea-a0c7-7e8cae3401ea PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r2 @**Xex ]Ɋ& !Xxe F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=401dbaac-98d0-4a68-9b20-479a0378ce6f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompX**pfx ]Ɋ& !Xxf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=401dbaac-98d0-4a68-9b20-479a0378ce6f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl p**hgx ]Ɋ& !Xxg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=401dbaac-98d0-4a68-9b20-479a0378ce6f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lh**`hx ]Ɋ& !Xxh F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=401dbaac-98d0-4a68-9b20-479a0378ce6f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u`**`iB9y ]Ɋ& !XB9yi F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=401dbaac-98d0-4a68-9b20-479a0378ce6f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a`**hjB9y ]Ɋ& !XB9yj F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=401dbaac-98d0-4a68-9b20-479a0378ce6f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Quich**kB9y ]Ɋ&  !B9yk F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=401dbaac-98d0-4a68-9b20-479a0378ce6f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ec3d5ed0-c533-465b-8334-24f133165a46 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion=**lB9y ]Ɋ& !B9yl F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=401dbaac-98d0-4a68-9b20-479a0378ce6f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ec3d5ed0-c533-465b-8334-24f133165a46 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**8m{ ]Ɋ& !X{m F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=68f7c266-46f6-4b38-b4f9-c242e3bb849d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ou8**Pn{ ]Ɋ& !X{n F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=68f7c266-46f6-4b38-b4f9-c242e3bb849d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ypP**Po{ ]Ɋ& !X{o F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=68f7c266-46f6-4b38-b4f9-c242e3bb849d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNamP**Hp{ ]Ɋ& !X{p F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=68f7c266-46f6-4b38-b4f9-c242e3bb849d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yptiH**Hq{ ]Ɋ& !X{q F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=68f7c266-46f6-4b38-b4f9-c242e3bb849d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ftVoH**Hr{ ]Ɋ& !X{r F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=68f7c266-46f6-4b38-b4f9-c242e3bb849d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ritH**s{ ]Ɋ& !{s F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=68f7c266-46f6-4b38-b4f9-c242e3bb849d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0aace691-150b-47ba-9a50-bdd44e8d3600 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion**t{ ]Ɋ& !{t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=68f7c266-46f6-4b38-b4f9-c242e3bb849d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0aace691-150b-47ba-9a50-bdd44e8d3600 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**Xu{ ]Ɋ& !X{u F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=73239ea7-bf27-4340-98ff-9bc7b1ed67db HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-US;X**pv{ ]Ɋ& !X{v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=73239ea7-bf27-4340-98ff-9bc7b1ed67db HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ostVp**hw{ ]Ɋ& !X{w F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=73239ea7-bf27-4340-98ff-9bc7b1ed67db HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=edh**`x{ ]Ɋ& !X{x F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=73239ea7-bf27-4340-98ff-9bc7b1ed67db HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=*`**`y{ ]Ɋ& !X{y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=73239ea7-bf27-4340-98ff-9bc7b1ed67db HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ru`**`z{ ]Ɋ& !X{z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=73239ea7-bf27-4340-98ff-9bc7b1ed67db HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**{{ ]Ɋ& !{{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=73239ea7-bf27-4340-98ff-9bc7b1ed67db HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=558b8ff7-a57d-4a90-82f9-30e0044ece9f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**|{ ]Ɋ& !{| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=73239ea7-bf27-4340-98ff-9bc7b1ed67db HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=558b8ff7-a57d-4a90-82f9-30e0044ece9f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Get**(}{ ]Ɋ& !X{} F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0057ad51-585b-42e9-bc9f-c5c74a1ca6a7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6(**@~{ ]Ɋ& !X{~ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0057ad51-585b-42e9-bc9f-c5c74a1ca6a7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d@**@{ ]Ɋ& !X{ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0057ad51-585b-42e9-bc9f-c5c74a1ca6a7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**8{ ]Ɋ& !X{ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0057ad51-585b-42e9-bc9f-c5c74a1ca6a7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C8**8{ ]Ɋ& !X{ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0057ad51-585b-42e9-bc9f-c5c74a1ca6a7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bal8**8{ ]Ɋ& !X{ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0057ad51-585b-42e9-bc9f-c5c74a1ca6a7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in8**{ ]Ɋ& !{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0057ad51-585b-42e9-bc9f-c5c74a1ca6a7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=e1ed133e-1614-4d15-ae91-397650a88538 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=RE**| ]Ɋ& !| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0057ad51-585b-42e9-bc9f-c5c74a1ca6a7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=e1ed133e-1614-4d15-ae91-397650a88538 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**X^ ]Ɋ& !X^ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=04cc4412-a304-4db7-8230-2238a4472444 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4X**p^ ]Ɋ& !X^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=04cc4412-a304-4db7-8230-2238a4472444 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1p**p^ ]Ɋ& !X^ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=04cc4412-a304-4db7-8230-2238a4472444 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stap**h^ ]Ɋ& !X^ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=04cc4412-a304-4db7-8230-2238a4472444 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVh**h^ ]Ɋ& !X^ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=04cc4412-a304-4db7-8230-2238a4472444 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Apph**h^ ]Ɋ& !X^ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=04cc4412-a304-4db7-8230-2238a4472444 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| h**^ ]Ɋ&  !^ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=04cc4412-a304-4db7-8230-2238a4472444 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=33110b96-e41c-4bab-a3c2-91275f8ea8eb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sbe.properties ]Ɋ& Cu F&n-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoandLine= ]Ɋ& XHh4Z F&) F&nce -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& X+ F&X